github doobidoo/mcp-memory-service v10.20.1
v10.20.1 -- security patch (serialize-javascript RCE, pypdf RAM exhaustion)
on GitHub

latest releases: v10.38.2, v10.38.1, v10.38.0...
one month ago

Security Patch

Fixes 4 Dependabot vulnerabilities (2 high, 2 medium).

Fixed

  • serialize-javascript RCE (High, alerts #44 #45): Updated from 6.0.2 to 7.0.3 via npm override in tests/bridge/ and tests/integration/ — RCE via RegExp.flags and Date.prototype.toISOString()
  • pypdf RunLengthDecode RAM exhaustion (Medium, CVE-2026-28351, alert #46): Updated from 6.7.2 to 6.7.4 via uv lock
  • pypdf FlateDecode XFA RAM exhaustion (Medium, CVE-2026-27888, alert #43): Same pypdf 6.7.4 update

Upgrade

pip install --upgrade mcp-memory-service
# or
uvx --upgrade mcp-memory-service

Full Changelog: v10.20.0...v10.20.1

Check out latest releases or
releases around doobidoo/mcp-memory-service v10.20.1

Don't miss a new mcp-memory-service release

NewReleases is sending notifications on new releases.

Get notifications