VDB
GCVE-110-OSM-2026-6618
GCVE-110-OSM-2026-6618
Advisory PublishedCVSS 8.8/10
Git Warden confirmed this GitHub repository as malicious through static analysis of its source code, which means the repository was read and never executed. The malicious code was found in the file client/tailwind.config.js around line 61. A part of the code is hidden inside an obfuscated, base64 encoded blob that the program decodes and then runs while it loads. Hiding code this way is how this family of malware slips past a quick human read and past simple scanners, and there is no honest reason for an ordinary project file to decode and run content like this. An ordinary, trustworthy project would not contain this, so the finding is a strong and dependable indication that the repository was either compromised or was built from the start to deliver malware to anyone who clones or installs it. The exact file, the line number, and the detection rule that matched are included in the evidence reference so a reviewer can open the repository and confirm all of it independently.
The malicious payload is located in client/tailwind.config.js at line 61. A part of the code is hidden inside an obfuscated, base64 encoded blob that the program decodes and then runs while it loads. Hiding code this way is how this family of malware slips past a quick human read and past simple scanners, and there is no honest reason for an ordinary project file to decode and run content like this. The same repository also triggered these additional detections: code_execution, obfuscation.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Browse GCVE Records
72,409 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.