MAL-2026-5479
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-github/MAL-2026-5479.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MAL-2026-5479
- Published
- 2026-06-09T20:33:49Z
- Modified
- 2026-06-12T20:01:43.067442519Z
- Summary
- Malicious code in mcp-server-github (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (156761c4bd0e22759f082d7c030c241be12301dced1e58943c17aaacf9fe0958)
Package squats the unscoped name
mcp-server-githubto intercept installs intended for the official@modelcontextprotocol/server-github.package.jsondeclares"postinstall": "node index.js", so on everynpm installthe bundledindex.jsunconditionally POSTsos.hostname(),process.cwd(),process.env.npm_config_user_agent, Node version, andos.platform()tohttps://npx-canary-log.vulnerable-live.workers.dev/log. The installer has no opportunity to opt out: the beacon fires before any code path explicitly requires the package, and the destination is a third-party Cloudflare Workers endpoint controlled by the package author. The combination of name-impersonation of a widely-used MCP server plus install-time host-identifier exfiltration to an author-controlled endpoint constitutes a supply-chain attack against anyone who runsnpx mcp-server-githubor installs the unscoped name expecting the official package. - Database specific
{ "malicious-packages-origins": [ { "modified_time": "2026-06-09T20:33:49Z", "source": "amazon-inspector", "sha256": "747734631bd95c9a23ba57ea3610af951c612b8841e9c2e2ab99c3c70f244886", "id": "IN-MAL-2026-005219", "versions": [ "0.0.1" ], "import_time": "2026-06-09T20:45:55.833019262Z" }, { "modified_time": "2026-06-09T20:33:50Z", "source": "amazon-inspector", "sha256": "9daf7f0ccde675bf09994ef3e587742a0284e19ca92c8c2e709ac465d0b85446", "id": "IN-MAL-2026-005220", "import_time": "2026-06-09T20:45:55.980107078Z", "versions": [ "0.0.1" ] }, { "modified_time": "2026-06-12T19:04:48Z", "source": "amazon-inspector", "sha256": "156761c4bd0e22759f082d7c030c241be12301dced1e58943c17aaacf9fe0958", "id": "IN-MAL-2026-005917", "versions": [ "0.0.2" ], "import_time": "2026-06-12T19:43:47.361683122Z" }, { "modified_time": "2026-06-12T19:04:48Z", "source": "amazon-inspector", "sha256": "eca472e83f3de851de270a0fec056eb713ee63407ff6df1d52dc8cf6a914d5c8", "id": "IN-MAL-2026-005918", "import_time": "2026-06-12T19:43:47.452813524Z", "versions": [ "0.0.2" ] } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
npm / mcp-server-github
Package
- Name
- mcp-server-github
- View open source insights on deps.dev
- Purl
- pkg:npm/mcp-server-github
Database specific
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-github/MAL-2026-5479.json"
cwes
[
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
},
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
}
]
indicators
{
"package_integrity": [
{
"filename": "mcp-server-github-0.0.1.tgz",
"hashes": {
"sha512_sri": "sha512-vdwMUwzPRKobXd9wznUO8TqROVYAQFOsCFLzxOLOjq9rtbiB1ZAR/llKRxbW3ZDtejlh45LuKE1rO8uV+9yh2w==",
"sha1": "3d30536c5d9117021d84ced9eee22524f7b45d6d"
}
}
],
"evidence_files": [
{
"sha256": "0c7ef8c9cda6d6f28d7d78411b8d713499133a2731df05d50fbcecc478654c57",
"tlsh": "763195e180f805351bee46d3e1e9a899a36ff126360678f0b45e02295fc90980771cd2",
"path": "index.js"
}
],
"domains": [
"npx-canary-log.vulnerable-live.workers.dev"
]
}