B
GitHub MCP Server
Official GitHub MCP server providing repository, issue, PR, actions, and security tools for GitHub.
Overall Score80/100
Score Breakdown
Server Info
- Package
- ghcr.io/github/github-mcp-server
- Registry
- oci
- Repository
- github/github-mcp-server
- Maintainer
- GitHubVendor
- Category
- Developer Tools
- Tags
- gitreposissuespull-requests
- Last Scanned
- 7 Apr 2026
Findings
5 issuesAuthentication & Identity
MEDIUMHTTP/SSE transport supports per-request credentials
Stdio transport with PAT env var for local use. Also supports remote streamable-http via api.githubcopilot.com with bearer token. No MCP OAuth spec implementation in the open-source server itself; the remote endpoint handles auth separately.
Remediation
Implement the MCP OAuth spec so users authenticate directly without platform mediation.
Tool Schema Quality
HIGHRequired fields missing on 1 write operations
Write tools without required field declarations: mark_all_notifications_read.
Remediation
Add required arrays to all write/delete tool schemas.
MEDIUMOnly 15 of 79 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Remediation
Add constraints to string parameters, especially on write operations.
LLM Safety
HIGHTool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remediation
Remove instructional language. Descriptions should be purely factual.
Data Exposure
LOWNo field selection on responses
Responses return full records rather than projected fields.
Remediation
Implement field selection to return only relevant fields.
Tools
79 total| Name | Description | Risk |
|---|---|---|
| get_me | Get details of the authenticated GitHub user. Use this when a request is about the user's own profile for GitHub. Or when information is missing to build other tool calls. | read |
| get_teams | Get details of the teams the user is a member of. Limited to organizations accessible with current credentials | read |
| get_team_members | Get member usernames of a specific team in an organization. Limited to organizations accessible with current credentials | read |
| search_repositories | Find GitHub repositories by name, description, readme, topics, or other metadata. Perfect for discovering projects, finding examples, or locating specific repositories across GitHub. | read |
| get_file_contents | Get the contents of a file or directory from a GitHub repository | read |
| list_commits | Get list of commits of a branch in a GitHub repository | read |
| search_code | Fast and precise code search across ALL GitHub repositories using GitHub's native search engine. | read |
| get_commit | Get details for a commit from a GitHub repository | read |
| list_branches | List branches in a GitHub repository | read |
| list_tags | List git tags in a GitHub repository | read |
| get_tag | Get details about a specific git tag in a GitHub repository | read |
| list_releases | List releases in a GitHub repository | read |
| get_latest_release | Get the latest release in a GitHub repository | read |
| get_release_by_tag | Get a specific release by its tag name in a GitHub repository | read |
| create_or_update_file | Create or update a single file in a GitHub repository. | write |
| create_repository | Create a new GitHub repository in your account or specified organization | write |
| fork_repository | Fork a GitHub repository to your account or specified organization | write |
| create_branch | Create a new branch in a GitHub repository | write |
| push_files | Push multiple files to a GitHub repository in a single commit | write |
| delete_file | Delete a file from a GitHub repository | write |
| list_starred_repositories | List starred repositories | read |
| star_repository | Star a GitHub repository | write |
| unstar_repository | Unstar a GitHub repository | write |
| get_repository_tree | Get the tree structure (files and directories) of a GitHub repository at a specific ref or SHA | read |
| issue_read | Get information about a specific issue in a GitHub repository. | read |
| search_issues | Search for issues in GitHub repositories using issues search syntax already scoped to is:issue | read |
| list_issues | List issues in a GitHub repository. | read |
| list_issue_types | List supported issue types for repository owner (organization). | read |
| issue_write | Create a new or update an existing issue in a GitHub repository. | write |
| add_issue_comment | Add a comment to a specific issue in a GitHub repository. | write |
| sub_issue_write | Add a sub-issue to a parent issue in a GitHub repository. | write |
| search_users | Find GitHub users by username, real name, or other profile information. | read |
| search_orgs | Find GitHub organizations by name, location, or other organization metadata. | read |
| pull_request_read | Get information on a specific pull request in GitHub repository. | read |
| list_pull_requests | List pull requests in a GitHub repository. | read |
| search_pull_requests | Search for pull requests in GitHub repositories using issues search syntax already scoped to is:pr | read |
| merge_pull_request | Merge a pull request in a GitHub repository. | write |
| update_pull_request_branch | Update the branch of a pull request with the latest changes from the base branch. | write |
| create_pull_request | Create a new pull request in a GitHub repository. | write |
| update_pull_request | Update an existing pull request in a GitHub repository. | write |
| pull_request_review_write | Create and/or submit, delete review of a pull request. | write |
| add_comment_to_pending_review | Add review comment to the requester's latest pending pull request review. | write |
| add_reply_to_pull_request_comment | Add a reply to an existing pull request comment. | write |
| assign_copilot_to_issue | Assign GitHub Copilot coding agent to work on an issue. | write |
| request_copilot_review | Request a GitHub Copilot code review for a pull request. | write |
| get_code_scanning_alert | Get details of a specific code scanning alert in a GitHub repository. | read |
| list_code_scanning_alerts | List code scanning alerts in a GitHub repository. | read |
| get_secret_scanning_alert | Get details of a specific secret scanning alert in a GitHub repository. | read |
| list_secret_scanning_alerts | List secret scanning alerts in a GitHub repository. | read |
| get_dependabot_alert | Get details of a specific dependabot alert in a GitHub repository. | read |
| list_dependabot_alerts | List dependabot alerts in a GitHub repository. | read |
| list_notifications | List notifications for the authenticated user. | read |
| get_notification_details | Get detailed information for a specific GitHub notification. | read |
| dismiss_notification | Dismiss a notification by marking it as read or done | write |
| mark_all_notifications_read | Mark all notifications as read | write |
| manage_notification_subscription | Manage a notification subscription: ignore, watch, or delete a notification thread subscription. | write |
| manage_repository_notification_subscription | Manage a repository notification subscription. | write |
| list_discussions | List discussions for a repository or organisation. | read |
| get_discussion | Get a specific discussion by ID | read |
| get_discussion_comments | Get comments from a discussion | read |
| list_discussion_categories | List discussion categories with their id and name, for a repository or organisation. | read |
| actions_list | List GitHub Actions resources: workflows, workflow runs, workflow jobs. | read |
| actions_get | Get details about specific GitHub Actions resources. | read |
| actions_run_trigger | Trigger GitHub Actions workflow operations, including running, re-running, cancelling workflow runs, and deleting workflow run logs. | write |
| get_job_logs | Get logs for GitHub Actions workflow jobs. | read |
| list_global_security_advisories | List global security advisories from GitHub. | read |
| get_global_security_advisory | Get a global security advisory | read |
| list_repository_security_advisories | List repository security advisories for a GitHub repository. | read |
| list_org_repository_security_advisories | List repository security advisories for a GitHub organization. | read |
| list_gists | List gists for a user | read |
| get_gist | Get gist content of a particular gist, by gist ID | read |
| create_gist | Create a new gist | write |
| update_gist | Update an existing gist | write |
| projects_list | List projects available in a GitHub organization. | read |
| projects_get | Get details about specific GitHub Projects resources. | read |
| projects_write | Add, update, or delete project items, or create status updates in a GitHub Project. | write |
| get_label | Get a specific label from a repository. | read |
| list_labels | List labels from a repository | read |
| label_write | Perform write operations on repository labels. | write |
Deploy GitHub MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow