Skip to content
supplychainattack.orgSupply chain attack incident catalog
activecritical

Malicious code in github.com/boltdb-go/bolt (Go)

github.com/boltdb-go/bolt is a malicious Go package that typosquats the legitimate BoltDB library. It contains a backdoor enabling remote code execution on systems that install it.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Any Go project that depends on github.com/boltdb-go/bolt instead of the legitimate BoltDB package
Ecosystems
Attack vectors
Affected entities
  • github.com/boltdb-go/boltMalicious typosquat package containing remote code execution backdoor

A malicious Go package named github.com/boltdb-go/bolt has been identified as a typosquat of the legitimate BoltDB package. The package contains a backdoor that enables remote code execution (RCE) on affected systems.\n\nThe malicious package is designed to deceive developers into installing it instead of the legitimate BoltDB library, likely through typos or confusion in dependency specifications. Any Go project that mistakenly depends on this malicious package is at risk of code execution compromise.\n\nThis incident was reported via the Google Open Source Security advisory system.

Indicators of compromise

Packages
  • github.com/boltdb-go/bolt

Remediation

  • Audit all Go project dependencies to identify any use of github.com/boltdb-go/bolt
  • Replace any instances of github.com/boltdb-go/bolt with the legitimate github.com/boltdb/bolt package
  • Review and rotate any credentials or secrets that may have been exposed on affected systems
  • Scan affected systems for signs of unauthorized access or code execution
  • Update to the latest version of the legitimate BoltDB package

Sources

  1. GitHub Advisory GHSA-9gmm-c6g7-rqg9 · GitHub Advisory Database

Cite this entry

"Malicious code in github.com/boltdb-go/bolt (Go)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 13, 2026; last updated July 14, 2026. https://supplychainattack.org/incident/malicious-code-in-github-com-boltdb-go-bolt-go-sgi4xv

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. resolvedcritical

    Malicious code in github.com/shallowmulti/hypert (Go)

    A malicious Go package github.com/shallowmulti/hypert was published as a typosquatting attack, designed to act as a loader for downloading and executing additional malicious payloads on Linux and macOS systems. The package was identified and reported via the GitHub Advisory Database.

    GoTyposquattingCompromised package
  2. resolvedcritical

    Malicious code in github.com/ornatedoctrin/layout (Go)

    A malicious Go package github.com/ornatedoctrin/layout was identified as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package
  3. resolvedcritical

    Malicious code in github.com/shadowybulk/hypert (Go)

    A malicious Go package, github.com/shadowybulk/hypert, was published as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package
  4. resolvedcritical

    Malicious code in github.com/thankfulmai/hypert (Go)

    A malicious Go package github.com/thankfulmai/hypert was published as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package