Is this vulnerability real, exploited in the wild, or just noise?
Paste a package, a CVE, or a description of a security issue. We verify it, explain it, and show the fix.
Accepts: package names, package@version, CVE identifiers, CWE identifiers, npm/PyPI URLs
Live security alerts
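The input field accepts several identifier shapes. As an added example (my own code, not Shoulder's), the parser below normalises those shapes into one record. Assumptions: the record type `Subject`, the URL layouts `npmjs.com/package/<name>[/v/<version>]` and `pypi.org/project/<name>[/<version>]`, and the rule that a bare `name==version` is a PyPI spec while any other bare name is treated as npm. The tricky case is a scoped npm name such as `@shoulderdev/cli@1.2.3`, where the leading `@` must not be taken as the version separator.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlparse

# Assumed record shape (not Shoulder's): what kind of thing the user pasted,
# a normalised name, and an optional version.
@dataclass(frozen=True)
class Subject:
    kind: str                      # "cve" | "cwe" | "npm" | "pypi"
    name: str
    version: Optional[str] = None

_CVE = re.compile(r"^CVE-(\d{4})-(\d{4,})$", re.I)
_CWE = re.compile(r"^CWE-(\d+)$", re.I)
# npm package name: optional @scope/ prefix, lowercase URL-safe characters.
_NPM_NAME = re.compile(r"^(@[a-z0-9][a-z0-9._-]*/)?[a-z0-9][a-z0-9._-]*$")


def split_spec(spec: str) -> Tuple[str, Optional[str]]:
    """Split 'name@version' while keeping a scoped name ('@scope/name') intact."""
    at = spec.rfind("@")
    if at > 0:                     # an '@' at index 0 is the scope marker, not a separator
        return spec[:at], spec[at + 1:]
    return spec, None


def _from_url(url: str) -> Subject:
    u = urlparse(url)
    host = (u.hostname or "").lower()
    parts = [p for p in u.path.split("/") if p]
    if host.endswith("npmjs.com") and len(parts) >= 2 and parts[0] == "package":
        # https://www.npmjs.com/package/@scope/name/v/1.2.3  (assumed layout)
        if parts[1].startswith("@") and len(parts) >= 3:
            name, rest = parts[1] + "/" + parts[2], parts[3:]
        else:
            name, rest = parts[1], parts[2:]
        version = rest[1] if len(rest) >= 2 and rest[0] == "v" else None
        return Subject("npm", name, version)
    if host.endswith("pypi.org") and len(parts) >= 2 and parts[0] == "project":
        # https://pypi.org/project/requests/2.31.0/  (assumed layout)
        return Subject("pypi", parts[1].lower(), parts[2] if len(parts) >= 3 else None)
    raise ValueError(f"unsupported URL: {url}")


def parse_subject(raw: str) -> Subject:
    """Classify one pasted input into a Subject, or raise ValueError."""
    s = raw.strip()
    m = _CVE.match(s)
    if m:
        return Subject("cve", f"CVE-{m.group(1)}-{m.group(2)}")
    m = _CWE.match(s)
    if m:
        return Subject("cwe", f"CWE-{m.group(1)}")
    if s.startswith(("http://", "https://")):
        return _from_url(s)
    if "==" in s:                  # PEP 440 style pin: treated as PyPI (assumption)
        name, version = s.split("==", 1)
        return Subject("pypi", name.strip().lower(), version.strip())
    name, version = split_spec(s)
    if _NPM_NAME.match(name):      # any other bare name: treated as npm (assumption)
        return Subject("npm", name, version)
    raise ValueError(f"unrecognised input: {raw!r}")
```

Bare names are inherently ambiguous between ecosystems (`requests` is a valid npm name too), so a real front end would either ask the user or look the name up in both registries; this example simply documents the rule it applies.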
Newly-introduced runtime execution surface (eval / shell / network) on a package published inside a coordinated burst of uninspectable ballooned bundles by the same maintainer account - stage-1 dropper precursor, failing closed
Burst publisher with new account
A dist-tag (e.g. latest) was moved to this version while it was less than 1 hour old — publish-side compromise indicator
Burst publisher with new account
Payload delivery from suspicious source: IOC URL + execution capability
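The alert titles above name several publish-side signals: a burst of versions from one account, a `latest` tag pointing at a version less than an hour old, a newly introduced execution surface, and a publisher not seen before. As an added example (my own code, not Shoulder's rules, which this page does not publish), the functions below compute approximations of those signals from an npm registry document ("packument"), using only fields the registry actually exposes: `dist-tags`, `time`, and per-version `scripts` and `_npmUser`. The packument and the thresholds (3 versions in 30 minutes, 1 hour age) are constructed assumptions. One caveat matters: the registry does not record when a dist-tag was moved, so the age check below can only say that `latest` currently points at a young version, not that the tag was moved onto it.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Constructed sample shaped like an npm registry document; not real registry data.
SAMPLE_PACKUMENT = {
    "name": "example-pkg",
    "dist-tags": {"latest": "1.0.3"},
    "time": {
        "created": "2024-05-01T10:00:00.000Z",
        "modified": "2024-05-01T10:58:00.000Z",
        "1.0.0": "2024-05-01T10:00:00.000Z",
        "1.0.1": "2024-05-01T10:40:00.000Z",
        "1.0.2": "2024-05-01T10:50:00.000Z",
        "1.0.3": "2024-05-01T10:55:00.000Z",
    },
    "versions": {
        "1.0.0": {"scripts": {"test": "node test.js"}, "_npmUser": {"name": "alice"}},
        "1.0.1": {"scripts": {"test": "node test.js"}, "_npmUser": {"name": "alice"}},
        "1.0.2": {"scripts": {"test": "node test.js"}, "_npmUser": {"name": "alice"}},
        "1.0.3": {"scripts": {"test": "node test.js", "postinstall": "node setup.js"},
                  "_npmUser": {"name": "mallory-new"}},
    },
}
# Evaluation time is passed in explicitly so results are reproducible (assumed value).
SAMPLE_NOW = datetime(2024, 5, 1, 11, 30, tzinfo=timezone.utc)

# Lifecycle scripts npm runs automatically on install; the usual dropper hook.
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")


def _ts(iso: str) -> datetime:
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def version_times(pack: dict) -> List[Tuple[datetime, str]]:
    """(publish time, version) pairs in publish order, skipping created/modified."""
    return sorted((_ts(t), v) for v, t in pack["time"].items()
                  if v not in ("created", "modified"))


def publish_burst(pack: dict, min_versions: int = 3,
                  window: timedelta = timedelta(minutes=30)) -> List[str]:
    """Versions in the densest publish window, if it holds at least min_versions."""
    times = version_times(pack)
    best: List[str] = []
    for i, (t0, _) in enumerate(times):
        group = [v for t, v in times[i:] if t - t0 <= window]
        if len(group) > len(best):
            best = group
    return best if len(best) >= min_versions else []


def young_latest(pack: dict, now: datetime,
                 max_age: timedelta = timedelta(hours=1)) -> Optional[str]:
    """The version `latest` points at, if it is younger than max_age at `now`."""
    v = pack["dist-tags"].get("latest")
    published = pack["time"].get(v) if v else None
    if published and now - _ts(published) < max_age:
        return v
    return None


def new_install_scripts(pack: dict) -> Dict[str, str]:
    """Lifecycle scripts in the newest version that differ from the previous one."""
    times = version_times(pack)
    if len(times) < 2:
        return {}
    prev, cur = times[-2][1], times[-1][1]
    prev_s = pack["versions"][prev].get("scripts", {})
    cur_s = pack["versions"][cur].get("scripts", {})
    return {k: cur_s[k] for k in LIFECYCLE if k in cur_s and cur_s[k] != prev_s.get(k)}


def new_publisher(pack: dict) -> Optional[str]:
    """Publisher of the newest version if no earlier version was published by them."""
    times = version_times(pack)
    names = [pack["versions"][v].get("_npmUser", {}).get("name") for _, v in times]
    if len(names) >= 2 and names[-1] and names[-1] not in names[:-1]:
        return names[-1]
    return None


def assess(pack: dict, now: datetime) -> dict:
    """Collect the non-empty signals for one packument."""
    findings = {
        "burst": publish_burst(pack),
        "young_latest": young_latest(pack, now),
        "new_install_scripts": new_install_scripts(pack),
        "new_publisher": new_publisher(pack),
    }
    return {k: v for k, v in findings.items() if v}


if __name__ == "__main__":
    for k, v in assess(SAMPLE_PACKUMENT, SAMPLE_NOW).items():
        print(f"{k}: {v}")
```

Any one of these signals on its own is noisy (a legitimate maintainer fixing a typo three times in a row trips the burst rule), which is why the alerts above combine them; a new `postinstall` script from a never-seen publisher inside a publish burst is a far stronger indicator than any single field.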
Notable Vulnerabilities
n8n Vulnerable to Remote Code Execution via Expression Injection
Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
MindsDB: Path Traversal in /api/files Leading to Remote Code Execution
Langflow has Remote Code Execution in CSV Agent
Weaknesses You Should Know About
Exposure of Sensitive Information to an Unauthorized Actor
Improper Input Validation
Use of Hard-coded Credentials
Improper Control of Generation of Code ('Code Injection')
Execution with Unnecessary Privileges
Permissive Cross-domain Policy with Untrusted Domains
Uncontrolled Resource Consumption
Authorization Bypass Through User-Controlled Key
Package Security Status
Scan from the terminal
Run Shoulder locally to analyze a package before installing it, or to scan an entire project for vulnerabilities.
npx @shoulderdev/cli check <package>
npx @shoulderdev/cli trust .