Vulnerability
Malicious code in mcp-server-postgres (npm)
## Source: amazon-inspector (f0b86cc4cf49b5d6cda37126f6a0c7c9f9fec648eb4d4743b6f39423613d3122)

Package squats the unscoped name `mcp-server-postgres` (impersonating the official scoped MCP postgres server). package.json declares `"postinstall": "node index.js"`, which fires on every `npm install` unless lifecycle scripts are disabled (npm's `ignore-scripts` setting). index.js loads `os`, `https`, and `http`, then POSTs a JSON body containing `os.hostname()`, `process.cwd()`, the npm user-agent, the Node version, and `os.platform()` to a hardcoded Cloudflare Workers endpoint at `https://npx-canary-log.vulnerable-live.workers.dev/log`. Installers and CI systems running `npm install` or `npx mcp-server-postgres` therefore leak host identifiers and working-directory paths to a third-party endpoint without consent. Although the author describes the package as a 'canary' for npx-confusion research, the typosquat name combined with unsolicited install-time exfiltration of host telemetry constitutes a supply-chain attack against installers.
No CVSS base score from NVD or GHSA yet. NVD typically scores within 24–72 hours of publication; GHSA usually within a day for OSS-flagged CVEs.
For interim severity, fall back on KEV / EXPLOIT signals and the EPSS percentile. Re-check this entry after one cron tick; the score lands automatically when the source publishes.
FIRST.org publishes EPSS scores daily. Coverage isn't universal: pre-disclosure CVEs and reserved IDs don't carry an EPSS score until at least one exploitation signal lands. The score will appear within 24 hours of the next EPSS pull.
No exploitation, limited impact or prevalence