MCPRadar Security Leaderboard

Independent security scores for MCP servers, sourced from the official registry

How scores work ▾

AIVSS (AI Vulnerability Scoring System) rates MCP server security on a 0–10 scale where 0 = safe and 10 = critical.


The score combines severity-weighted findings (critical×10, high×7, medium×4, low×1) divided by tool count, multiplied by a density factor (capped between 0.5× and 2.0×). The result is clamped to 10.0 and mapped to a letter grade:


A 0.0–0.9   B 1.0–2.9   C 3.0–4.9   D 5.0–6.9   F 7.0–10.0


Hash: SHA-256 of the alphabetically sorted tool names, used to detect tool-list changes across scans (drift detection).


Scope: schema = tool schemas analyzed, fingerprint = tool signature comparison, cve = known-vulnerability matching against OSV/GitHub Advisory.

Submit a Server for Scanning ▾
Enterprise Integration ▾

SOC/SIEM ingestion: Export findings as SARIF v2.1.0 via the Download button on each server detail page. Ingest into Splunk (SARIF add-on), Elastic Security (via sarif-to-elastic pipeline), or Microsoft Sentinel (Logic Apps SARIF connector).


Automated monitoring: Poll data.json weekly and diff tool hashes to detect silent additions. Use mcpradar audit diff to compare snapshots programmatically.


Detailed guides: Enterprise Integration docs

Loading…
Threat Landscape ▾
Grade Distribution
Top Vulnerabilities
Grade:
Rank Server Risk 0→10 Grade Trend Scope Tools Findings Scanned Hash