VDB
GCVE-110-OSM-2025-297
GCVE-110-OSM-2025-297
Advisory PublishedCVSS 8.8/10
PolinRider (DPRK) malicious fork staged for upstream injection. tailwind.config.js contains the PolinRider obfuscated payload (signature: "rmcej%otb%",2857687, tag 8-1489-2). Open PR #1 to parent aashwani106/moody-dashboard attempts to push payload upstream. Parent is currently clean.
=== MALICIOUS FORK STAGING UPSTREAM INJECTION ===
Attack type: Fork-and-PR upstream injection (payload delivery repo)
Fork repo: RAHULTALWAR123/moody-dashboard
Parent repo: aashwani106/moody-dashboard (0 stars, clean)
Fork created: 2025-10-13
Most recent push: 2026-03-28
=== PAYLOAD ===
Infected file: tailwind.config.js
Signature: global['!']='8-1489-2'; var _$_1e42=(function(l,e){...})("rmcej%otb%",2857687)
=== DELIVERY ===
Open PR: https://github.com/aashwani106/moody-dashboard/pull/1
Delivery status: pending maintainer review
=== AUTHOR ===
RAHULTALWAR123 (Rahul) — 2022-12-06 account, 27 public repos, 0 followers. Real developer account, likely compromised.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Malicious package:
advisory
Browse GCVE Records
72,409 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.