VDB
GCVE-110-OSM-2026-722
GCVE-110-OSM-2026-722
Advisory PublishedCVSS 8.8/10
This package was part of a hyper targeted dependency confusion attack. The threat actors used stolen information to craft PyPI packages they knew would run in the victim's CI/CD pipelines
The threat actor crafted custom malware that would only run in GitHub Actions, and if it identified that it was NOT in a CI pipeline, it would exit. The payload then analyzed whether it was in the correct victim's account and in the right GitHub Action. If it found that it was, it exfiltrated every variable and credential it had to an IP address 77.91.65.24. The malware then downloads additional payloads from 91.184.247.242 and 1.46.221.5
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | identityapi | * (affected) | — |
Aliases
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.