VDB

GCVE-110-OSM-2025-36

GCVE-110-OSM-2025-36
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published November 26, 2025
PolinRider upstream injection attempt. Compromised developer finom (172 followers, 14-year-old legitimate GitHub account) submitted PR #363 which injected PolinRider malware payload into project files. PR was caught and closed without merging. Attack type: PR-based upstream injection. Target: omar-dulaimi/prisma-zod-generator (popular Prisma Zod generator). PR: https://github.com/omar-dulaimi/prisma-zod-generator/pull/363. Author: finom (compromised - 172 followers, 90 repos, account since 2011). Status: CLOSED. Signature: rmcej otb 2857687. C2: trongrid.io. Notable: Attacker used a high-reputation compromised account for credibility.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownall (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected)

References

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›