VDB
GCVE-110-OSM-2026-1815
GCVE-110-OSM-2026-1815
Advisory PublishedCVSS 9.6/10
Malicious code embedded in repository, this code is capable of communicating with attacker controlled C2 and delivering malware on user's device.
The payload embedded in the code uses base64 encoded JavaScript when decoded uses APTOS and Tron blockchain addresses as C2.
These addresses match with PolinRider campaign reported by OSM.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Malicious package:
advisory
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.