Overview · universal-tool-calling-protocol/python-utcp · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

OAuth2 `tokenUrl` Trust Boundary Bypass in OpenAPI Conversion
GHSA-8cp3-qxj6-px34 published Jun 14, 2026 by h3xxit

High
SSRF: HTTP tool invocation follows redirects without re-validating the target
GHSA-9qhg-99ww-9mqc published Jun 14, 2026 by h3xxit

High
SSRF: CVE-2026-44661 fix not applied to the GraphQL and WebSocket plugins
GHSA-ppx3-28rw-8fpf published Jun 14, 2026 by h3xxit

Moderate
Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection
GHSA-5v57-8rxj-3p2r published May 10, 2026 by h3xxit

High
Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
GHSA-33p6-5jxp-p3x4 published May 10, 2026 by h3xxit

High
SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol
GHSA-39j6-4867-gg4w published May 3, 2026 by h3xxit

Moderate

Learn more about advisories related to universal-tool-calling-protocol/python-utcp in the GitHub Advisory Database