VDB
GCVE-110-OSM-2026-1427
GCVE-110-OSM-2026-1427
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration.
Payload: bin/audit.js
Key findings:
- System Information Exfiltration in bin/audit.js: "os.userInfo().username,
hostname: os.hostname(),
platform: os.platform(),
..."
- Sensitive File Access in bin/audit.js: "'.ssh/id_rsa'"
- Platform Detection with Data Collection in bin/audit.js: "JSON.stringify({env: envTargets, ks: keystoreFiles.length, hist: historyKeys.len..."
IOCs:
- urls: https://npmjs-security.com/advisories/NSEC-2026-0041\n
- domains: c.npmjs-security.com, npmjs-security.com
- payloadFileHash: 53e03f5e5b16845115c3e8a24a5ed588dcb9e5ff9d09a9343b40b377159303e6
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | nerite-security-audit | all (affected) | — |
Browse GCVE Records
72,148 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.