GitHub MCP Server
Official GitHub MCP server providing tools for repositories, issues, pull requests, code scanning, secret scanning, Dependabot, discussions, actions, gists, projects, and more.
Server Info
- Package: ghcr.io/github/github-mcp-server
- Registry: ghcr
- Repository: github/github-mcp-server
- Maintainer: GitHub (Vendor)
- Category: Developer Tools
- Tags: git, repos, issues, pull-requests
- Last Scanned: 28 May 2026
Findings
5 issues
Tool Schema Quality
HIGH: Required fields missing on 1 write operation
Write tools without required field declarations: mark_all_notifications_read.
Add required arrays to all write/delete tool schemas.
MEDIUM: Only 9 of 87 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
Permission Granularity
MEDIUM: 3 tools combine read and write operations
Read/write separation is clear with ReadOnlyHint annotations set correctly. ReadOnly config flag strips all non-read-annotated tools from the inventory at startup. Toolset system provides fine-grained category-level enablement (repos, issues, pull_requests, discussions, actions, code_security, secret_protection, dependabot, notifications, gists, projects, labels, orgs, users, git). Destructive ops (delete_file, merge_pull_request, label_write delete mode, discussion_comment_write delete mode) are isolated in distinct named tools. LockdownMode validates content safety before exposing untrusted user content.
Split into separate read and write tools.
Data Exposure
MEDIUM: 5 list operations lack pagination
Most list operations use WithPagination() helper adding typed page/perPage params. Cursor-based pagination (after param) supported on get_review_comments in pull_request_read and list_discussions. ContentWindowSize config limits response sizes. Full JSON objects returned with no field-selection support. CSV output mode available for some list operations.
Add limit/offset or cursor-based pagination.
LOW: No field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Tools
87 total

| Name | Description | Risk |
|---|---|---|
| get_me | Get details of the authenticated GitHub user | read |
| get_teams | Get the teams within an organization that the authenticated user belongs to | read |
| get_team_members | Get members of a GitHub team | read |
| search_repositories | Search for GitHub repositories using a query | read |
| get_file_contents | Get the contents of a file or directory in a GitHub repository | read |
| list_commits | Get list of commits of a branch in a GitHub repository | read |
| search_code | Search for code across GitHub repositories | read |
| search_commits | Search for commits across GitHub repositories | read |
| get_commit | Get details for a commit from a GitHub repository | read |
| list_branches | List branches in a GitHub repository | read |
| list_tags | List tags in a GitHub repository | read |
| get_tag | Get details about a specific tag in a GitHub repository | read |
| list_releases | List releases in a GitHub repository | read |
| get_latest_release | Get the latest published full release for a repository | read |
| get_release_by_tag | Get a release by tag name in a GitHub repository | read |
| create_or_update_file | Create or update a single file in a GitHub repository | write |
| create_repository | Create a new GitHub repository in your account or specified organization | write |
| fork_repository | Fork a GitHub repository to your account or specified organization | write |
| create_branch | Create a new branch in a GitHub repository | write |
| push_files | Push multiple files to a GitHub repository in a single commit | write |
| delete_file | Delete a file from a GitHub repository | write |
| list_starred_repositories | List repositories starred by a user | read |
| star_repository | Star a GitHub repository for the authenticated user | write |
| unstar_repository | Unstar a GitHub repository for the authenticated user | write |
| list_repository_collaborators | List collaborators of a GitHub repository. Results are paginated; the response includes nextPage, prevPage, firstPage, and lastPage fields. To get the next page, use the nextPage value as the page parameter. | read |
| get_repository_tree | Get the file tree of a GitHub repository | read |
| issue_read | Get information about an issue in GitHub repository | read |
| search_issues | Search for GitHub issues and pull requests | read |
| list_issues | List issues in a GitHub repository with filtering options | read |
| list_issue_types | List the issue types available in a GitHub repository | read |
| list_issue_fields | List available fields for issues in a GitHub repository | read |
| issue_write | Create or update an issue in a GitHub repository | write |
| add_issue_comment | Add a comment to a GitHub issue | write |
| sub_issue_write | Add or remove sub-issues from a GitHub issue | write |
| search_users | Search for GitHub users | read |
| search_orgs | Search for GitHub organizations | read |
| pull_request_read | Get information on a specific pull request in GitHub repository. | read |
| list_pull_requests | List and filter repository pull requests | read |
| search_pull_requests | Search for pull requests across GitHub repositories | read |
| merge_pull_request | Merge a pull request in a GitHub repository | write |
| update_pull_request_branch | Update a pull request branch with the latest changes from the base branch | write |
| create_pull_request | Create a new pull request in a GitHub repository | write |
| update_pull_request | Update a pull request in a GitHub repository | write |
| pull_request_review_write | Create, submit, or update a review on a GitHub pull request | write |
| add_comment_to_pending_review | Add a comment to a pending pull request review on GitHub | write |
| add_reply_to_pull_request_comment | Add a reply to an existing pull request review comment on GitHub | write |
| assign_copilot_to_issue | Assign GitHub Copilot to work on an issue | write |
| request_copilot_review | Request a Copilot review of a pull request | write |
| get_code_scanning_alert | Get details of a specific code scanning alert in a GitHub repository | read |
| list_code_scanning_alerts | List code scanning alerts for a GitHub repository | read |
| get_secret_scanning_alert | Get details of a specific secret scanning alert in a GitHub repository | read |
| list_secret_scanning_alerts | List secret scanning alerts for a GitHub repository | read |
| get_dependabot_alert | Get details of a specific Dependabot alert in a GitHub repository | read |
| list_dependabot_alerts | List Dependabot alerts for a GitHub repository | read |
| list_notifications | List all GitHub notifications for the authenticated user | read |
| get_notification_details | Get detailed information for a specific GitHub notification | read |
| dismiss_notification | Dismiss a notification as done or unsubscribe from it on GitHub | write |
| mark_all_notifications_read | Mark all GitHub notifications as read | write |
| manage_notification_subscription | Manage a GitHub notification subscription for a specific thread | write |
| manage_repository_notification_subscription | Manage a notification subscription for a GitHub repository | write |
| list_discussions | List discussions for a repository or organisation. | read |
| get_discussion | Get a specific discussion by ID | read |
| get_discussion_comments | Get comments for a specific GitHub discussion | read |
| discussion_comment_write | Add, update, or delete a comment on a GitHub discussion | write |
| list_discussion_categories | List discussion categories for a repository | read |
| actions_list | List GitHub Actions workflows or workflow runs for a repository | read |
| actions_get | Get details of a GitHub Actions workflow or workflow run | read |
| actions_run_trigger | Trigger a GitHub Actions workflow run | write |
| actions_get_job_logs | Get logs for a GitHub Actions workflow job | read |
| list_global_security_advisories | List global security advisories from the GitHub Advisory Database | read |
| get_global_security_advisory | Get details of a specific global security advisory | read |
| list_repository_security_advisories | List security advisories for a GitHub repository | read |
| list_org_repository_security_advisories | List security advisories for all repositories in a GitHub organization | read |
| list_gists | List gists for the authenticated user or another user | read |
| get_gist | Get a specific GitHub Gist by ID | read |
| create_gist | Create a new GitHub Gist with one or more files | write |
| update_gist | Update an existing GitHub Gist | write |
| projects_list | List GitHub Projects for a user or organization | read |
| projects_get | Get details of a specific GitHub Project | read |
| projects_write | Create, update, or modify a GitHub Project and its items | write |
| get_label | Get a label from a GitHub repository | read |
| list_labels | List labels for a GitHub repository | read |
| label_write | Create, update, or delete a label in a GitHub repository | write |
| subscribe_pr_activity | Subscribe to activity on a pull request | write |
| unsubscribe_pr_activity | Unsubscribe from activity on a pull request | write |
| resolve_review_thread | Resolve a review thread on a GitHub pull request | write |
| unresolve_review_thread | Unresolve a review thread on a GitHub pull request | write |