MCP Obsidian
v0.2.0
Verified
Obsidian note-taking integration. WARNING: Path traversal vulnerability allows reading files outside vault directory.
By CommunityMIT
typescript
file system
1.9Kstars
45.0Kdownloads
256forks
Scanned Feb 8, 2026
D40%
Scanned 3w ago
Poor Security
Vulnerabilities Found
2Crit
2High
3Med
3Low
4Info
Security ScoreD
40
out of 100
Vulnerabilities Found
2
Crit
2
High
3
Medi
3
Low
4
Info
Last scanned: 2/8/2026
Quality ScoreF
58
out of 100
58
Maint.
60
Popular
58
Docs
61
Compat
Maintenance58%
Popularity60%
Documentation58%
Compatibility61%
Maintenance58
Recent
12 days agoCommit Frequency54%
Release Frequency57%
Issue Response59%
Popularity60
1.9K
Stars
45.0K
Downloads
256
Forks
Stars Score59%
Downloads Score72%
Forks Score62%
Documentation58
README Quality78%
Available Documentation
API DocsExamplesChangelog
Compatibility61
MCP Spec Compliance63%
Transport Support50%
Features
TypeScript
Supported Transports
STDIO
Vulnerabilities(14)
2Critical
2High
3Medium
3Low
4Info
Filter:
READMEMCP Obsidian
MCP Obsidian
⚠️ PATH TRAVERSAL VULNERABILITY ⚠️
Issue
File read operations do not properly sanitize paths, allowing access to files outside the Obsidian vault.
Impact
An attacker could prompt the AI to read:
- SSH keys (
~/.ssh/id_rsa) - Environment files (
.env) - Browser credentials
- System configuration
CVSS: 7.5 (High)
Status
Patch available in v0.2.1, upgrade immediately.
Embed Security Badge
Add this badge to your README or documentation
[](https://mcpsafe.org/registry/mcp-obsidian-vuln)Need more customization options?Badge Documentation
Server Information
- Source
- NPM
- Package
- mcp-obsidian
- Version
- 0.2.0
- Language
- typescript
- License
- MIT
- Transport
- STDIO
- Added
- Jan 20, 2026
- Updated
- Feb 8, 2026