{"id":11862189,"name":"github.com/modelcontextprotocol/go-sdk","ecosystem":"go","description":"","homepage":"https://github.com/modelcontextprotocol/go-sdk","licenses":"Apache-2.0,CC-BY-4.0,MIT","normalized_licenses":["Apache-2.0","CC-BY-4.0","MIT"],"repository_url":"https://github.com/modelcontextprotocol/go-sdk","keywords_array":[],"namespace":"github.com/modelcontextprotocol","versions_count":26,"first_release_published_at":"2025-07-01T17:49:23.000Z","latest_release_published_at":"2026-05-22T11:30:38.000Z","latest_release_number":"v1.6.1","last_synced_at":"2026-06-13T01:11:10.864Z","created_at":"2025-07-02T10:35:30.370Z","updated_at":"2026-06-14T00:11:01.088Z","registry_url":"https://pkg.go.dev/github.com/modelcontextprotocol/go-sdk","install_command":"go get github.com/modelcontextprotocol/go-sdk","documentation_url":"https://pkg.go.dev/github.com/modelcontextprotocol/go-sdk#section-documentation","metadata":{},"repo_metadata":{"id":301224744,"uuid":"971300888","full_name":"modelcontextprotocol/go-sdk","owner":"modelcontextprotocol","description":"The official Go SDK for Model Context Protocol servers and clients. Maintained in collaboration with Google.","archived":false,"fork":false,"pushed_at":"2025-09-18T17:31:54.000Z","size":3039,"stargazers_count":2102,"open_issues_count":51,"forks_count":179,"subscribers_count":31,"default_branch":"main","last_synced_at":"2025-09-18T18:24:15.339Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/modelcontextprotocol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-04-23T10:07:33.000Z","updated_at":"2025-09-18T18:04:02.000Z","dependencies_parsed_at":"2025-07-11T23:23:40.468Z","dependency_job_id":"203a593f-1823-439b-ae74-b15b95f96aee","html_url":"https://github.com/modelcontextprotocol/go-sdk","commit_stats":null,"previous_names":["modelcontextprotocol/go-sdk"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/modelcontextprotocol/go-sdk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/modelcontextprotocol","download_url":"https://codeload.github.com/modelcontextprotocol/go-sdk/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276127714,"owners_count":25589877,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-20T02:00:10.207Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"modelcontextprotocol","name":"Model Context Protocol","uuid":"182288589","kind":"organization","description":"An open protocol that enables seamless integration between LLM applications and external data sources and tools.","email":null,"website":"https://modelcontextprotocol.io","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/182288589?v=4","repositories_count":1,"last_synced_at":"2024-11-25T17:24:25.305Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/modelcontextprotocol","funding_links":[],"total_stars":0,"followers":40,"following":0,"created_at":"2024-11-25T17:24:25.327Z","updated_at":"2024-11-25T17:24:25.327Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/modelcontextprotocol","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/modelcontextprotocol/repositories"},"tags":[{"name":"v0.5.0","sha":"c2c810bf40eb390df87680736fa9efd642b399dc","kind":"commit","published_at":"2025-09-12T16:00:54.000Z","download_url":"https://codeload.github.com/modelcontextprotocol/go-sdk/tar.gz/v0.5.0","html_url":"https://github.com/modelcontextprotocol/go-sdk/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/modelcontextprotocol/go-sdk@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.5.0/manifests"},{"name":"v0.4.0","sha":"4656930de8ce967845da3e16c6afe31b260d66a4","kind":"commit","published_at":"2025-09-05T20:57:02.000Z","download_url":"https://codeload.github.com/modelcontextprotocol/go-sdk/tar.gz/v0.4.0","html_url":"https://github.com/modelcontextprotocol/go-sdk/releases/tag/v0.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/modelcontextprotocol/go-sdk@v0.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.4.0/manifests"},{"name":"v0.3.1","sha":"8f11a868987f493ed074b2297a4c7bf8a2003939","kind":"commit","published_at":"2025-08-29T19:28:05.000Z","download_url":"https://codeload.github.com/modelcontextprotocol/go-sdk/tar.gz/v0.3.1","html_url":"https://github.com/modelcontextprotocol/go-sdk/releases/tag/v0.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/modelcontextprotocol/go-sdk@v0.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.3.1/manifests"},{"name":"v0.3.0","sha":"f37e549e2584381b023db70df02cdfe5a586c16d","kind":"commit","published_at":"2025-08-22T20:03:15.000Z","download_url":"https://codeload.github.com/modelcontextprotocol/go-sdk/tar.gz/v0.3.0","html_url":"https://github.com/modelcontextprotocol/go-sdk/releases/tag/v0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/modelcontextprotocol/go-sdk@v0.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.3.0/manifests"},{"name":"v0.2.0","sha":"78a66a438a4ef06fa50c8e5d6c559669f26ccd3b","kind":"commit","published_at":"2025-07-11T12:08:14.000Z","download_url":"https://codeload.github.com/modelcontextprotocol/go-sdk/tar.gz/v0.2.0","html_url":"https://github.com/modelcontextprotocol/go-sdk/releases/tag/v0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/modelcontextprotocol/go-sdk@v0.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.2.0/manifests"},{"name":"v0.1.0","sha":"9b6327b3b7b3d8e57e74b59b509cceca3754e91d","kind":"commit","published_at":"2025-07-01T17:49:23.000Z","download_url":"https://codeload.github.com/modelcontextprotocol/go-sdk/tar.gz/v0.1.0","html_url":"https://github.com/modelcontextprotocol/go-sdk/releases/tag/v0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/modelcontextprotocol/go-sdk@v0.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/tags/v0.1.0/manifests"}]},"repo_metadata_updated_at":"2026-05-31T03:15:06.482Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":5.669780822233416,"dependent_packages_count":5.312670504468068,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":5.4912256633507415},"purl":"pkg:golang/github.com/modelcontextprotocol/go-sdk","advisories":[{"uuid":"GSA_kwCzR0hTQS14dzU5LWh2bTItOHBqNs4ABUk1","url":"https://github.com/advisories/GHSA-xw59-hvm2-8pj6","title":"DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost","description":"The Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with `StreamableHTTPHandler` or `SSEHandler`, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances.\n\nNote that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport.\n\nServers created via `StreamableHTTPHandler` or `SSEHandler` now have this protection enabled by default when binding to `localhost`. Users are advised to update to version `1.4.0` to receive this automatic protection.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-04-01T21:09:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.6,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N","references":["https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-xw59-hvm2-8pj6","https://nvd.nist.gov/vuln/detail/CVE-2026-34742","https://github.com/modelcontextprotocol/go-sdk/pull/760","https://github.com/modelcontextprotocol/go-sdk/commit/67bd3f2e2b53ce11a16db8d976cdb8ff1e986b6d","https://github.com/modelcontextprotocol/go-sdk/releases/tag/v1.4.0","https://github.com/advisories/GHSA-xw59-hvm2-8pj6"],"source_kind":"github","identifiers":["GHSA-xw59-hvm2-8pj6","CVE-2026-34742"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-01T22:00:08.746Z","updated_at":"2026-06-10T15:01:39.636Z","epss_percentage":0.00029,"epss_percentile":0.08846,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14dzU5LWh2bTItOHBqNs4ABUk1","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14dzU5LWh2bTItOHBqNs4ABUk1","packages":[{"ecosystem":"go","package_name":"github.com/modelcontextprotocol/go-sdk","versions":[{"first_patched_version":"1.4.0","vulnerable_version_range":"\u003c 1.4.0"}],"purl":"pkg:go/github.com%2Fmodelcontextprotocol%2Fgo-sdk"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14dzU5LWh2bTItOHBqNs4ABUk1/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04OXh2LTJqNmYtcWhjOM4ABT3L","url":"https://github.com/advisories/GHSA-89xv-2j6f-qhc8","title":"Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk","description":"The Go SDK's Streamable HTTP transport accepted browser-generated cross-site `POST` requests without validating the `Origin` header and without requiring `Content-Type: application/json`. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution.\n\n#### Impact:\n\nA malicious website may have been able to send cross-site POST requests with `Content-Type: text/plain`, which due to CORS-safelisted properties would reach the MCP message handling without any CORS preflight barrier.\n\n#### Fix:\n\nThe SDK was modified to perform `Content-Type` header validation for POST requests and introduced a configurable protection for verifying the origin of the request in commit a433a83. Users are advised to update to v1.4.1 to use this additional protection.\n\nNote: v1.4.1 requires Go 1.25 or later.\n\n#### Credits:\n\nThank you to Lê Minh Quân for reporting the issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-03-19T16:42:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.1,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L","references":["https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-89xv-2j6f-qhc8","https://github.com/modelcontextprotocol/go-sdk/commit/a433a831d6e5d5ac3b9e625a8095aa8eaa040dfc","https://nvd.nist.gov/vuln/detail/CVE-2026-33252","https://github.com/advisories/GHSA-89xv-2j6f-qhc8"],"source_kind":"github","identifiers":["GHSA-89xv-2j6f-qhc8","CVE-2026-33252"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-03-19T17:00:09.196Z","updated_at":"2026-05-31T18:01:24.713Z","epss_percentage":0.00009,"epss_percentile":0.00878,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04OXh2LTJqNmYtcWhjOM4ABT3L","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04OXh2LTJqNmYtcWhjOM4ABT3L","packages":[{"ecosystem":"go","package_name":"github.com/modelcontextprotocol/go-sdk","versions":[{"first_patched_version":"1.4.1","vulnerable_version_range":"\u003c= 1.4.0"}],"purl":"pkg:go/github.com%2Fmodelcontextprotocol%2Fgo-sdk"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04OXh2LTJqNmYtcWhjOM4ABT3L/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xMzgyLXZjOHEtN2poas4ABT2q","url":"https://github.com/advisories/GHSA-q382-vc8q-7jhj","title":"Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk","description":"The Go SDK recently transitioned to the `segmentio/encoding` library for JSON parsing in version 1.3.1. While this change addressed both case-insensitivity and ASCII folding issues, the new parser implemented aggressive key matching that treated keys with `null` Unicode characters appended at the end as equivalent to their base strings.\n\n#### Impact\n\nWhen combined with duplicate keys, the described behavior leads to a \"last key wins\" resolution that could override the intended MCP message. This had the potential for:\n  - **Bypassing intermediary inspection:** Proxies or policy layers that matched on exact field names may have failed to detect or filter these messages.\n  - **Cross-implementation inconsistency:** Other MCP SDKs (TypeScript, Python) use case-sensitive parsing and would reject the same messages, creating potential security-boundary confusion.\n\n####  Fix:\n\nThe `segmentio/encoding` package was patched with a fix in https://github.com/segmentio/encoding/commit/7d5a25dbc5da13aed3cb047a127e4d0e96f536fb and a new version of the package was released (`v0.5.4`). The SDK switched to the patched version of the dependency in 724dd47aa. Users are advised to update to v1.4.1 to resolve this issue.\n\n#### Credits:\nThank you to Francesco Lacerenza (Doyensec) for reporting this issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-03-19T12:44:07.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.2,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N","references":["https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-q382-vc8q-7jhj","https://github.com/modelcontextprotocol/go-sdk/commit/724dd47aa3431b9d4cf9ac2eebbf7b38a629afca","https://github.com/segmentio/encoding/commit/7d5a25dbc5da13aed3cb047a127e4d0e96f536fb","https://github.com/advisories/GHSA-q382-vc8q-7jhj"],"source_kind":"github","identifiers":["GHSA-q382-vc8q-7jhj"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-03-19T13:00:11.279Z","updated_at":"2026-05-30T19:01:30.546Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMzgyLXZjOHEtN2poas4ABT2q","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xMzgyLXZjOHEtN2poas4ABT2q","packages":[{"ecosystem":"go","package_name":"github.com/modelcontextprotocol/go-sdk","versions":[{"first_patched_version":"1.4.1","vulnerable_version_range":"\u003c= 1.4.0"}],"purl":"pkg:go/github.com%2Fmodelcontextprotocol%2Fgo-sdk"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMzgyLXZjOHEtN2poas4ABT2q/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13dmoyLTk2d3AtZnEzZs4ABS3u","url":"https://github.com/advisories/GHSA-wvj2-96wp-fq3f","title":"MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity","description":"The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc. Additionally, Go's standard library folds the Unicode characters ſ (U+017F) and K (U+212A) to their ASCII equivalents s and k, meaning fields like \"paramſ\" would match \"params\". This violated the JSON-RPC 2.0 specification, which defines exact field names.\n\n#### Impact:\n\nA malicious MCP peer may have been able to send protocol messages with non-standard field casing (e.g., \"Method\" instead of \"method\") that the SDK would silently accept. This had the potential for:\n  - **Bypassing intermediary inspection:** Proxies or policy layers that matched on exact field names may have failed to detect or filter these messages.\n  - **Cross-implementation inconsistency:** Other MCP SDKs (TypeScript, Python) use case-sensitive parsing and would reject the same messages, creating potential security-boundary confusion.\n\n####  Fix:\n\nGo's standard JSON unmarshaling was replaced with a case-sensitive decoder (github.com/segmentio/encoding) in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.\n\n#### Credits:\nMCP Go SDK thanks Francesco Lacerenza (Doyensec) for reporting this issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-02-26T22:20:08.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.0,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N","references":["https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-wvj2-96wp-fq3f","https://nvd.nist.gov/vuln/detail/CVE-2026-27896","https://github.com/modelcontextprotocol/go-sdk/commit/7b8d81c264074404abdf5aa16e2cf0c2d9c64cc0","https://github.com/advisories/GHSA-wvj2-96wp-fq3f"],"source_kind":"github","identifiers":["GHSA-wvj2-96wp-fq3f","CVE-2026-27896"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-02-26T23:00:08.585Z","updated_at":"2026-06-13T23:01:53.530Z","epss_percentage":0.00045,"epss_percentile":0.14584,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13dmoyLTk2d3AtZnEzZs4ABS3u","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13dmoyLTk2d3AtZnEzZs4ABS3u","packages":[{"ecosystem":"go","package_name":"github.com/modelcontextprotocol/go-sdk","versions":[{"first_patched_version":"1.3.1","vulnerable_version_range":"\u003c 1.3.1"}],"purl":"pkg:go/github.com%2Fmodelcontextprotocol%2Fgo-sdk","statistics":{"dependent_packages_count":0,"dependent_repos_count":0,"downloads":null,"downloads_period":null},"affected_versions":["v0.1.0","v0.2.0","v0.3.0","v0.3.1","v0.4.0","v0.5.0","v0.6.0","v0.7.0","v0.8.0","v1.0.0","v1.1.0","v1.1.0-pre.1","v1.1.0-pre.2","v1.2.0","v1.2.0-pre.1","v1.2.0-pre.2","v1.3.0","v1.3.0-pre.1"],"unaffected_versions":["v1.3.1","v1.4.0","v1.4.1","v1.5.0","v1.6.0","v1.6.1"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13dmoyLTk2d3AtZnEzZs4ABS3u/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/modelcontextprotocol/go-sdk","docker_dependents_count":1,"docker_downloads_count":11932,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/modelcontextprotocol/go-sdk","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/modelcontextprotocol/go-sdk/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-20T17:14:47.124Z","issues_count":147,"pull_requests_count":235,"avg_time_to_close_issue":743202.951807229,"avg_time_to_close_pull_request":199225.2658227848,"issues_closed_count":83,"pull_requests_closed_count":158,"pull_request_authors_count":48,"issue_authors_count":56,"avg_comments_per_issue":2.183673469387755,"avg_comments_per_pull_request":0.7063829787234043,"merged_pull_requests_count":140,"bot_issues_count":0,"bot_pull_requests_count":1,"past_year_issues_count":147,"past_year_pull_requests_count":235,"past_year_avg_time_to_close_issue":743202.951807229,"past_year_avg_time_to_close_pull_request":199225.2658227848,"past_year_issues_closed_count":83,"past_year_pull_requests_closed_count":158,"past_year_pull_request_authors_count":48,"past_year_issue_authors_count":56,"past_year_avg_comments_per_issue":2.183673469387755,"past_year_avg_comments_per_pull_request":0.7063829787234043,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":1,"past_year_merged_pull_requests_count":140,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelcontextprotocol%2Fgo-sdk/issues","maintainers":[{"login":"h9jiang","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/h9jiang"}],"active_maintainers":[{"login":"h9jiang","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/h9jiang"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fmodelcontextprotocol%2Fgo-sdk/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fmodelcontextprotocol%2Fgo-sdk/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fmodelcontextprotocol%2Fgo-sdk/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fmodelcontextprotocol%2Fgo-sdk/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fmodelcontextprotocol%2Fgo-sdk/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fmodelcontextprotocol%2Fgo-sdk/codemeta","maintainers":[]}