arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints

Moderate severity GitHub Reviewed Published Dec 2, 2025 in ArcadeAI/arcade-mcp • Updated Dec 2, 2025

No open alerts for this advisory

Give feedback on Dependabot alerts