VDB
GCVE-110-OSM-2026-3050
GCVE-110-OSM-2026-3050
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: obfuscated code, install-time execution.
Payload: prettier-lint/cdll.mjs
Secondary files: prettier-lint/ctll.mjs
Key findings:
- Download Execute Delete Pattern in prettier-lint/cdll.mjs: "spawn}from"\u006E\u006F\u0064\u0065\u003A\u0063\u0068\u0069\u006C\u0064\u005F\u0..."
- Download Execute Delete Pattern in prettier-lint/ctll.mjs: "execFileSync}from"\u006E\u006F\u0064\u0065\u003A\u0063\u0068\u0069\u006C\u0064\u..."
- Decoded Unicode Escape Content in prettier-lint/cdll.mjs
- Decoded Unicode Escape Content in prettier-lint/ctll.mjs
- IOCs Found in Deobfuscated Code in prettier-lint/cdll.mjs
IOCs:
- urls: https://joshuakgoldberg.github.io/ts-api-utils, https://mono-link.vercel.app/api/nonce
- domains: joshuakgoldberg.github.io, mono-link.vercel.app
- paths: C:\Windows
- _domainCandidates: mono-link.vercel.app
- payloadFileHash: cbfae0a142be94d7bb184197f32721b5f0a3e72c47640cab258bc039d56d117c
Decoded/deobfuscated IOCs:
- urls: https://mono-link.vercel.app/api/nonce
- domains: mono-link.vercel.app
- paths: C:\Windows
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | api-ts-utils | all (affected) | — |
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.