베타 Shoulder는 베타 버전입니다 — 결과가 가끔 잘못될 수 있습니다. 여러분의 피드백이 다음에 무엇을 고칠지 결정합니다. 피드백 공유
Shoulder.dev

개발자를 위한 위협 인텔리전스
위협 센터

이 취약점은 실제인가요, 악용되고 있나요, 아니면 노이즈인가요?

패키지, CVE 또는 보안 우려 사항을 붙여넣으세요. 증명하고, 설명하고, 수정 방법을 보여드립니다.

검색해 보세요
log4j CVE-2021-44228 express CWE-79 (XSS) jsonwebtoken SQL injection

지원 형식: 패키지 이름, 패키지@버전, CVE ID, CWE ID, npm/PyPI URL

실시간 보안 알림

전체 보기 →
npm/@akanjs/cli CRITICAL

Payload delivery from suspicious source: IOC URL + execution capability

2 versions flagged · Latest 2.3.2

2 alerts View briefing →
npm/@clawos-dev/[email protected] HIGH

Payload delivery from suspicious source: IOC URL + execution capability

View briefing →
npm/@lotics/cli CRITICAL

Dynamic / forked-detached shell paired with code obfuscation — runtime dropper attribution (no install hook required)

2 versions flagged · Latest 0.48.0

2 alerts View briefing →
npm/@projectura/mcp HIGH

Payload delivery from suspicious source: IOC URL + execution capability

2 versions flagged · Latest 0.1.2

2 alerts View briefing →
npm/@twin.org/[email protected] HIGH

Payload delivery from suspicious source: IOC URL + execution capability

View briefing →

주목할 만한 취약점

Updated 14m ago
CVE-2025-68613 CRITICAL (10)

n8n Vulnerable to Remote Code Execution via Expression Injection

KEV EPSS 76.497% CWE-913
CVE-2026-39987 CRITICAL (9.8)

Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

KEV EPSS 55.208999999999996% CWE-306
CVE-2026-33017 CRITICAL (9.8)

Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

KEV EPSS 41.243% CWE-94 CWE-95 CWE-306
CVE-2026-27483 HIGH (8.8)

MindsDB: Path Traversal in /api/files Leading to Remote Code Execution

1 exploit EPSS 18.791% CWE-22
CVE-2026-27966 CRITICAL (9.8)

Langflow has Remote Code Execution in CSV Agent

EPSS 35.107% CWE-94

위협 탐색

OWASP Top 10

웹 애플리케이션 보안을 위한 표준 인식 문서

2021 & 2025

CWE 인덱스

공통 약점 열거

94 CWE

탐지 규칙

귀하의 기술 스택에 맞는 규칙 찾기

347 규칙

주요 탐지 약점

전체 보기 →
CWE-200 14 rules

Exposure of Sensitive Information to an Unauthorized Actor
CWE-20 13 rules

Improper Input Validation
CWE-798 11 rules

Use of Hard-coded Credentials
CWE-94 10 rules

Improper Control of Generation of Code ('Code Injection')
CWE-250 10 rules

Execution with Unnecessary Privileges
CWE-942 9 rules

Permissive Cross-domain Policy with Untrusted Domains
CWE-400 8 rules

Uncontrolled Resource Consumption
CWE-639 8 rules

Authorization Bypass Through User-Controlled Key

패키지 보안 상태

semver npm
781.6M/wk 37.4K dependents
No known vulnerabilities
minimatch npm
652.6M/wk 11.8K dependents
3 vulnerabilities
debug npm
642M/wk 56.8K dependents
No known vulnerabilities
brace-expansion npm
561.2M/wk 2.8K dependents
1 vulnerabilities
strip-ansi npm
553.9M/wk 10.7K dependents
No known vulnerabilities
ansi-styles npm
540.7M/wk 3.8K dependents
No known vulnerabilities

터미널에서 스캔

Shoulder를 로컬에서 실행하여 설치 전 패키지를 분석하거나 전체 프로젝트의 취약점을 스캔하세요.

npx @shoulderdev/cli check <package>
npx @shoulderdev/cli trust .