VDB
GCVE-110-OSM-2026-5879
GCVE-110-OSM-2026-5879
Advisory PublishedCVSS 5.4/10
The author of this package describes it as a "security placeholder" and appears to be a misguided way of marking former malicious packages so they don't get used again. This package is one of several dozen packages published by the author. Marking these as low severity.
ENTRY
index.js (main: index.js)
EXFIL
- System Information Collection in index.js: "os.homedir()"
ADDITIONAL FINDINGS
- Publisher Has Other Malicious Packages
PAYLOAD FILES
index.js
INDICATORS (IOCs)
- payloadFileHash: 5052735286be2f1ca3e52c72943411c14d7e040454c436c1136307f270e30dbc
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | teampcp | all (affected) | — |
Browse GCVE Records
72,148 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.