Vulnerability
Malicious code in mcp-server-notion (npm)
---

## Source: amazon-inspector (0423928197ec83ac273fa4a1b66d9e75398b956e7d5027014ff6326c552a46c2)

Package occupies the unscoped name `mcp-server-notion` to catch misrouted installs of the scoped MCP Notion server. `package.json` declares `"postinstall": "node index.js"`, and `index.js` reads `os.hostname()`, `process.cwd()`, `process.env.npm_config_user_agent`, the Node version, and `os.platform()`, then POSTs them to `https://npx-canary-log.vulnerable-live.workers.dev/log`. The transmission fires automatically on `npm install` with no consent prompt or opt-in. The author self-describes the package as a security-research "canary," but the resulting behavior — squatting a confusable name and silently shipping installer host identifiers to a third-party Cloudflare Workers endpoint — is indistinguishable from a typosquat-and-beacon supply-chain attack, and the installer is not the consenting party.
No CVSS base score from NVD or GHSA yet. NVD typically scores within 24–72 hours of publication; GHSA usually within a day for OSS-flagged CVEs. Last record update .
For interim severity, fall back on KEV / EXPLOIT signals and the EPSS percentile (lower panel). Re-check this CVE after one cron tick — the score lands automatically when the source publishes.
FIRST.org publishes EPSS daily. Coverage isn't universal — pre-disclosure CVEs and reserved IDs don't carry an EPSS score until at least one exploitation signal lands. Score will appear within 24 hours of the next EPSS pull.
No exploitation, limited impact or prevalence