VDB

GCVE-110-OSM-2025-20

GCVE-110-OSM-2025-20
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published September 1, 2025
Malicious code in github-orca (RubyGems) The OpenSSF Package Analysis project identified 'github-orca' @ 0.0.20.1626.gb0c19ef3 (rubygems) as malicious. It is considered malicious because: - The package executes one or more commands associated with malicious behavior.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
OpenSSF: Package Analysisgithub-orcaall (affected), all (affected), all (affected), all (affected), * (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected)

References

vendor
advisory

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›