ICUICU
critical

@nexus2520/jira-mcp-server

v1.0.1

MCP server for Jira API integration - supports Jira Cloud

npmpdograFirst seen Feb 22, 2026

11

Total

3

Critical

4

High

4

Medium

Findings

unknown
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    13: import { toolDefinitions } from './tools/definitions.js';
    14: // Get environment variables
>>> 15: const JIRA_EMAIL = process.env.JIRA_EMAIL;
    16: const JIRA_API_TOKEN = process.env.JIRA_API_TOKEN;
    17: const JIRA_BASE_URL = process.env.JIRA_BASE_URL || 'https://your-domain.atlassian.net';
Report false positive
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    14: // Get environment variables
    15: const JIRA_EMAIL = process.env.JIRA_EMAIL;
>>> 16: const JIRA_API_TOKEN = process.env.JIRA_API_TOKEN;
    17: const JIRA_BASE_URL = process.env.JIRA_BASE_URL || 'https://your-domain.atlassian.net';
    18: // Validate required environment variables
Report false positive
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    15: const JIRA_EMAIL = process.env.JIRA_EMAIL;
    16: const JIRA_API_TOKEN = process.env.JIRA_API_TOKEN;
>>> 17: const JIRA_BASE_URL = process.env.JIRA_BASE_URL || 'https://your-domain.atlassian.net';
    18: // Validate required environment variables
    19: if (!JIRA_EMAIL || !JIRA_API_TOKEN) {
Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��vW���kj{"�*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��ݕ឵:ڞȭ���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive
mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive
mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive
mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive

Scan History

DateRiskFindings
Feb 25, 2026critical11
Feb 23, 2026critical11
Feb 22, 2026critical11