VDB
GCVE-110-OSM-2026-5787
GCVE-110-OSM-2026-5787
Advisory PublishedCVSS 8.8/10
Malicious package detected. Behaviors: obfuscated code.
Entrypoint: lib/index.js (main: lib/index.js)
Payload: lib/transformer.js
Key findings:
- Dynamic Base64 Decoding in lib/transformer.js: "Buffer.from(value, 'base64')"
- Very New NPM Publisher Account
- Publisher Has Other Malicious Packages
IOCs:
- domains: vich.com
- emails: gennagykoroke@vich.com
- sha256Hashes: e41c966f21f9e1577802463f8924e6a3fe3e9751f201304213b2f845d8841d61, d85117047fd06d3afa79b6e44ee3a52eb426fc24c3a2e3667732e8da0342b4da
- payloadFileHash: a0a68b695e0524df2009d2a0f7554a3162f1038a98d7471663cac5d96a36b0fc
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | typeorm-encrypt | all (affected) | — |
Aliases
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.