CVE-2021-40978: The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. Seems unreported upstream, but I'm unconvinced they'll care about this anyway.
Not a real security issue according to upstream. https://github.com/mkdocs/mkdocs/issues/2601