| Rank | Server | Risk 0→10 | Grade | Trend | Scope | Tools | Findings | Scanned | Hash |
|---|
Independent security scores for MCP servers, sourced from the official registry
AIVSS (AI Vulnerability Scoring System) rates MCP server security on a 0–10 scale where 0 = safe and 10 = critical.
The score combines severity-weighted findings (critical×10, high×7, medium×4, low×1) divided by tool count, multiplied by a density factor (capped between 0.5× and 2.0×). The result is clamped to 10.0 and mapped to a letter grade:
A 0.0–0.9 B 1.0–2.9
C 3.0–4.9 D 5.0–6.9
F 7.0–10.0
Hash: SHA-256 of the alphabetically sorted tool names, used to detect tool-list changes across scans (drift detection).
Scope: schema = tool schemas analyzed, fingerprint = tool signature comparison, cve = known-vulnerability matching against OSV/GitHub Advisory.
SOC/SIEM ingestion: Export findings as SARIF v2.1.0 via the Download button on each server detail page. Ingest into Splunk (SARIF add-on), Elastic Security (via sarif-to-elastic pipeline), or Microsoft Sentinel (Logic Apps SARIF connector).
Automated monitoring: Poll data.json weekly and diff
tool hashes to detect silent additions. Use mcpradar audit diff to
compare snapshots programmatically.
Detailed guides: Enterprise Integration docs
| Rank | Server | Risk 0→10 | Grade | Trend | Scope | Tools | Findings | Scanned | Hash |
|---|