VDB
GCVE-110-OSM-2026-3003
GCVE-110-OSM-2026-3003
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code.
Payload: src/postgres.js
Secondary files: .genie/scripts/helpers/bullet-id.js, bin/pgserve-wrapper.cjs
Key findings:
- Reconstructed Obfuscated URL in src/postgres.js: "https://registry.npmjs.org/@embedded-postgres/windows-x64"
- Dynamic Code Execution in .genie/scripts/helpers/analyze-commit.js: "exec(message)"
- Shell Command Execution in .genie/scripts/helpers/analyze-commit.js: "require('child_process')"
- Shell Command Execution in .genie/scripts/helpers/bullet-counter.js: "require('child_process')"
- Shell Command Execution in .genie/scripts/helpers/bullet-find.js: "require('child_process')"
IOCs:
- ipv4: 1.1.3.10
- ipv6: 1::, 2::
- urls: https://www.conventionalcommits.org/, https://forge.namastex.ai/tasks/abc123, https://docs.gitguardian.com/ggshield-docs/reference/gitguardian-yaml, https://namastex.ai, https://bun.sh/docs/runtime/bunfig (+4 more)
- domains: www.conventionalcommits.org, husky.sh, docs.gitguardian.com, bun.sh, namastex.com (+6 more)
- emails: genie@namastex.ai, 120363421396472428@g.us, 120363345897732032@g.us, pessoa@namastex.ai, 5511999999999@s.whatsapp.net (+4 more)
- payloadFileHash: 06e074cd33d9cd1e8c7a74e5b900b3814e3c8ea629c1553551c23a15ecddd44b
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | pgserve | 1.1.10 (affected) | — |
Aliases
Browse GCVE Records
72,409 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.