Jira MCP (XXE)
v0.2.5
Verified
Jira project management. WARNING: XML parsing vulnerability allows XXE attacks.
By CommunityMIT
typescript
developer tools
1.1Kstars
27.0Kdownloads
140forks
Scanned Feb 8, 2026
D32%
Scanned 3w ago
Poor Security
Vulnerabilities Found
2Crit
3High
3Med
3Low
4Info
Security ScoreD
32
out of 100
Vulnerabilities Found
2
Crit
3
High
3
Medi
3
Low
4
Info
Last scanned: 2/8/2026
Quality ScoreF
48
out of 100
48
Maint.
50
Popular
48
Docs
51
Compat
Maintenance48%
Popularity50%
Documentation48%
Compatibility51%
Maintenance48
Recent
8 days agoCommit Frequency45%
Release Frequency39%
Issue Response51%
Popularity50
1.1K
Stars
27.0K
Downloads
140
Forks
Stars Score55%
Downloads Score63%
Forks Score57%
Documentation48
README Quality78%
Available Documentation
API DocsExamplesChangelog
Compatibility51
MCP Spec Compliance53%
Transport Support50%
Features
TypeScript
Supported Transports
STDIO
Vulnerabilities(15)
2Critical
3High
3Medium
3Low
4Info
Filter:
READMEJira MCP (XXE)
Jira MCP
⚠️ XXE VULNERABILITY ⚠️
Issue
XML import functionality is vulnerable to XML External Entity (XXE) injection.
Attack
Attacker can read local files by importing malicious XML:
xml
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<issue>&xxe;</issue>Impact
- Local file disclosure
- SSRF
- Denial of service
Mitigation
Disable external entity processing in XML parser.
Embed Security Badge
Add this badge to your README or documentation
[](https://mcpsafe.org/registry/jira-mcp-xxe)Need more customization options?Badge Documentation
Server Information
- Source
- NPM
- Package
- jira-mcp-server
- Version
- 0.2.5
- Language
- typescript
- License
- MIT
- Transport
- STDIO
- Added
- Jan 20, 2026
- Updated
- Feb 8, 2026