VDB
GCVE-110-OSM-2026-593
GCVE-110-OSM-2026-593
Advisory PublishedCVSS 8.8/10
GitHub repository contains known malicious package, the repository and the GitHub organisation has known association with contagious interview.
The package.json contains malicious package already flagged by OSM.
The package name is react-next-dom.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | yelp-biz-action-constants-js-generated | all (affected), * (affected) | — |
| unknown | all (affected), all (affected) | — | |
| unknown | pino-pretty-log | all (affected), all (affected), all (affected), * (affected), all (affected), all (affected), all (affected), all (affected), all (affected) | — |
| unknown | agoda-test-poc | * (affected), all (affected), all (affected), all (affected) | — |
References
Malicious package:
advisory
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.