VDB

GCVE-110-OSM-2026-5874

GCVE-110-OSM-2026-5874
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published June 14, 2026
The author of this package describes it as a "security placeholder" and appears to be a misguided way of marking former malicious packages so they don't get used again. This package is one of several dozen packages published by the author. Marking these as low severity. Entrypoint: index.js (main: index.js) Key findings: - Publisher Has Other Malicious Packages

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknownbitwardenall (affected)

References

vendor

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›