SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalnpm·malware·osv

Malicious code in brave-search-mcp-server (npm)

brave-search-mcp-server

Published Jun 3, 2026, 08:50 AM

Risk score

92

AI summary

Indexed incident for brave-search-mcp-server (npm).

Description

The OpenSSF Package Analysis project identified 'brave-search-mcp-server' @ 1.0.0 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Technical details

Indicators

affected version<function fixed() { [native code] }75%

Timeline

Jun 3, 08:50 AMAdvisory published
Jun 4, 06:41 AMIndexed by ThreatPkg

Related incidents