Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

Please report security vulnerabilities responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

How to Report

GitHub Security Advisories: Report privately
Email: Contact the maintainers directly

Response Timeline

Acknowledgment: 48 hours
Assessment: 1 week
Fix: Based on severity

Supported Versions

Version	Supported
Latest	✅

MCP Security Best Practices

Review server permissions before connecting
Use environment variables for secrets
Limit server access to required tools only
Keep dependencies updated

figma-developer-mcp vulnerable to command injection in get_figma_data tool
GHSA-gxw4-4fc5-9gr5 published Sep 29, 2025 by GLips

High

Learn more about advisories related to GLips/Figma-Context-MCP in the GitHub Advisory Database