VDB
GCVE-110-OSM-2026-2540
GCVE-110-OSM-2026-2540
Advisory PublishedCVSS 8.8/10
Malicious package detected.
Payload: pypi/aquiles-image@0.6.1/aquilesimage/templates/index.html
Secondary files: pypi/aquiles-image@0.6.1/aquilesimage/runtime/worker_manager.py
Key findings:
- Clipboard Access in pypi/aquiles-image@0.6.1/aquilesimage/templates/index.html: "navigator.clipboard.writeText"
IOCs:
- urls: http://www.apache.org/licenses/, http://www.apache.org/licenses/LICENSE-2.0, https://fastapi.tiangolo.com, https://aquiles-ai.github.io/aquiles-image-docs/, https://deepwiki.com/Aquiles-ai/Aquiles-Image (+10 more)
- domains: www.apache.org, res.cloudinary.com, fastapi.tiangolo.com, static.pepy.tech, aquiles-ai.github.io (+23 more)
- payloadFileHash: 1685f5b7f4c8e9376ced583f1231f8d1be63624651e75a7fa75dc08d8ec2fd14
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | aquiles-image | all (affected) | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.