The following versions of Context7 MCP are currently supported with security updates:

We recommend always using the latest version (@upstash/context7-mcp@latest) to ensure you have the most recent security patches and features.

We take the security of Context7 seriously. If you discover a security vulnerability, please report it responsibly.

• Please use GitHub's private vulnerability reporting feature to submit your report
• Alternatively, you can email security concerns to [email protected]

• A description of the vulnerability
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Any suggested fixes (optional)

• Initial Response: We aim to acknowledge your report within 48 hours
• Status Updates: You can expect updates on the progress every 5-7 business days
• Resolution Timeline: We strive to resolve critical vulnerabilities within 30 days

• If the vulnerability is accepted, we will work on a fix and coordinate disclosure with you
• We will credit reporters in our release notes (unless you prefer to remain anonymous)
• If the report is declined, we will provide an explanation

• Disclose the vulnerability publicly before we have addressed it
• Exploit the vulnerability beyond what is necessary to demonstrate it