Nick StocksWhen you install an MCP server, you're not just adding a tool — you're inheriting its dependency tree and whatever vulnerabilities exist within it.
We ran a large-scale dependency analysis across public MCP registries and published the results as an open API. Anyone can query it:
GET https://api.mistaike.ai/api/v1/public/cve-index
Search by name, filter by severity, no auth required.
This is Phase 1/2 of a larger research pipeline. Later phases look at runtime behaviour — what MCP servers...