VDB

GCVE-110-OSM-2026-6618

GCVE-110-OSM-2026-6618
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published June 20, 2026
Git Warden confirmed this GitHub repository as malicious through static analysis of its source code, which means the repository was read and never executed. The malicious code was found in the file client/tailwind.config.js around line 61. A part of the code is hidden inside an obfuscated, base64 encoded blob that the program decodes and then runs while it loads. Hiding code this way is how this family of malware slips past a quick human read and past simple scanners, and there is no honest reason for an ordinary project file to decode and run content like this. An ordinary, trustworthy project would not contain this, so the finding is a strong and dependable indication that the repository was either compromised or was built from the start to deliver malware to anyone who clones or installs it. The exact file, the line number, and the detection rule that matched are included in the evidence reference so a reviewer can open the repository and confirm all of it independently. The malicious payload is located in client/tailwind.config.js at line 61. A part of the code is hidden inside an obfuscated, base64 encoded blob that the program decodes and then runs while it loads. Hiding code this way is how this family of malware slips past a quick human read and past simple scanners, and there is no honest reason for an ordinary project file to decode and run content like this. The same repository also triggered these additional detections: code_execution, obfuscation.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownall (affected)

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›