VDB

GCVE-110-OSM-2026-4797

GCVE-110-OSM-2026-4797
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published May 27, 2026
This NPM user is connected to the threat actor persona we have been tracking for years. This package currently doesn't do anything overtly malicious, but it's definitely suspicious, and we are marking it as low. Entrypoint: index.js (bin: ./index.js) Key findings: - Publisher Has Other Malicious Packages

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknownmongosseeall (affected)

References

vendor

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›