MAL-2026-5479

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-github/MAL-2026-5479.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-5479

Published

2026-06-09T20:33:49Z

Modified

2026-06-09T21:01:36.184508323Z

Summary

Malicious code in mcp-server-github (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (747734631bd95c9a23ba57ea3610af951c612b8841e9c2e2ab99c3c70f244886)

Unscoped package mcp-server-github impersonates the official @modelcontextprotocol/server-github MCP server. package.json declares a postinstall hook ("postinstall": "node index.js") that fires on every npm install. index.js POSTs a JSON payload to the hardcoded endpoint https://npx-canary-log.vulnerable-live.workers.dev/log containing os.hostname(), process.cwd(), process.env.npmconfiguser_agent, Node version, and platform/arch. The same exfiltration also fires when the package is invoked via npx, which is the documented invocation pattern for the legitimate scoped package and the likely confusion vector. Errors are silently swallowed. The combination of name-confusion against a widely-used scoped package, install-time auto-execution via lifecycle hook, hardcoded author-controlled destination, and unconsented transmission of installer host identifiers is a typosquat-with-payload supply-chain attack.

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-06-09T20:33:49Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "747734631bd95c9a23ba57ea3610af951c612b8841e9c2e2ab99c3c70f244886",
            "id": "IN-MAL-2026-005219",
            "source": "amazon-inspector",
            "import_time": "2026-06-09T20:45:55.833019262Z"
        },
        {
            "modified_time": "2026-06-09T20:33:50Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "9daf7f0ccde675bf09994ef3e587742a0284e19ca92c8c2e709ac465d0b85446",
            "id": "IN-MAL-2026-005220",
            "source": "amazon-inspector",
            "import_time": "2026-06-09T20:45:55.980107078Z"
        }
    ]
}

References

https://www.npmjs.com/package/mcp-server-github/v/0.0.1

Credits

- Amazon Inspector - FINDER
- - inspector-research@amazon.com

Affected packages

npm / mcp-server-github

Package

Name: mcp-server-github; View open source insights on deps.dev
Purl: pkg:npm/mcp-server-github

Affected ranges

Affected versions

0.*

0.0.1

Database specific

indicators

{
    "evidence_files": [
        {
            "sha256": "0c7ef8c9cda6d6f28d7d78411b8d713499133a2731df05d50fbcecc478654c57",
            "tlsh": "763195e180f805351bee46d3e1e9a899a36ff126360678f0b45e02295fc90980771cd2",
            "path": "index.js"
        }
    ],
    "domains": [
        "npx-canary-log.vulnerable-live.workers.dev"
    ],
    "package_integrity": [
        {
            "filename": "mcp-server-github-0.0.1.tgz",
            "hashes": {
                "sha512_sri": "sha512-vdwMUwzPRKobXd9wznUO8TqROVYAQFOsCFLzxOLOjq9rtbiB1ZAR/llKRxbW3ZDtejlh45LuKE1rO8uV+9yh2w==",
                "sha1": "3d30536c5d9117021d84ced9eee22524f7b45d6d"
            }
        }
    ]
}

cwes

[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-github/MAL-2026-5479.json"