VDB

GCVE-110-OSM-2026-5873

GCVE-110-OSM-2026-5873
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published June 14, 2026
The author of this package describes it as a "security placeholder" and appears to be a misguided way of marking former malicious packages so they don't get used again. This package is one of several dozen packages published by the author. Marking these as low severity. Entrypoint: index.js (main: index.js) Key findings: - Publisher Has Other Malicious Packages

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknownbitwardencliall (affected)

References

vendor

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›