VDB
GCVE-110-OSM-2026-3367
GCVE-110-OSM-2026-3367
Advisory PublishedCVSS 8.8/10
Malicious package detected. Behaviors: data exfiltration.
Payload: source/vendor/supports-color/index.js
Key findings:
- Publisher Has Other Malicious Packages
- Publisher Shows Burner-Account Pattern
- Rapid Version Publishing
IOCs:
- urls: https://sindresorhus.com, https://sindresorhus.com/blog/micro-benchmark-fallacy
- domains: sindresorhus.com
- payloadFileHash: e82368a5f05d145e33de6ae3464056511664b620735ef58d1800a7bcda6691e5
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | termchalk | 3.9.0 (affected) | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.