Is this vulnerability real, exploited, or just noise?
Paste a package, CVE, or security concern. We demonstrate it, explain it, and show the fix.
Accepts: package names, package@version, CVE IDs, CWE IDs, npm/PyPI URLs
Live Security Alerts
Payload delivery from suspicious source: IOC URL + execution capability
Dynamic / forked-detached shell paired with code obfuscation — runtime dropper attribution (no install hook required)
2 versions flagged · Latest 0.48.0
Install-time credential exfiltration: sensitive file access + outbound network during install
Install-time payload delivery: remote fetch + execution during install
Payload delivery from suspicious source: IOC URL + execution capability
2 versions flagged · Latest 0.1.2
Notable Vulnerabilities
n8n Vulnerable to Remote Code Execution via Expression Injection
Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
MindsDB: Path Traversal in /api/files Leading to Remote Code Execution
Langflow has Remote Code Execution in CSV Agent
Top Weaknesses Detected
Exposure of Sensitive Information to an Unauthorized Actor
Improper Input Validation
Use of Hard-coded Credentials
Improper Control of Generation of Code ('Code Injection')
Execution with Unnecessary Privileges
Permissive Cross-domain Policy with Untrusted Domains
Uncontrolled Resource Consumption
Authorization Bypass Through User-Controlled Key
Package Security Status
Scan from your terminal
Run Shoulder locally to analyze packages before installing them, or scan your entire project for vulnerabilities.
npx @shoulderdev/cli check <package>
npx @shoulderdev/cli trust .