VDB
GCVE-110-OSM-2026-6606
GCVE-110-OSM-2026-6606
Advisory PublishedCVSS 8.8/10
Malicious package detected.
ENTRY
dist/index.js (main: dist/index.js)
DESTINATION
- ethereumAddresses: 0x2F015C60E0be116B1f0CD534704Db9c92118FB6A (exfil, plaintext)
ADDITIONAL FINDINGS
- Publisher Has Other Malicious Packages
INDICATORS (IOCs)
- urls: http://browserify.org/, https://eips.ethereum.org/EIPS/eip-161, https://eips.ethereum.org/EIPS/eip-1191, https://eips.ethereum.org/EIPS/eip-55, https://eips.ethereum.org/EIPS/eip-2098
- domains: browserify.org, eips.ethereum.org, nickdodson.com, timothyjcoulter.com, rtfs.hu (+2 more)
- emails: tim@timothyjcoulter.com, alex@rtfs.hu, fanatid@ya.ru, aaron@kumavis.me
- sha256Hashes: 657468657265756d000000000000000000000000000000000000000000000000, 000000000000000000000000000000000000000000000000657468657265756d, c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470, 1dcc4de8dec75d7aab85b567b6ccd41ad312451b948a7413f0a142fd40d49347, 56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421 (+3 more)
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | web3-eth-utils | 6.2.8 (affected), 6.2.8 (affected) | — |
Aliases
Browse GCVE Records
73,161 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.