guillaumebriday/laravel-blog 软件分析报告

基础信息

项目名称:guillaumebriday/laravel-blog

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1718395958063841280/1718395958114172928

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
Laravel v9.1.8 反序列化漏洞 反序列化 MPS-2022-10162 CVE-2022-30778 严重
node-semver 安全漏洞 ReDoS MPS-2022-5166 CVE-2022-25883 高危
Tauri 原型污染漏洞 原型污染 MPS-2022-65568 CVE-2022-46175 高危
word-wrap 安全漏洞 ReDoS MPS-2023-5109 CVE-2023-26115 高危
PostCSS 安全漏洞 注入 MPS-y3tx-jzms CVE-2023-44270 中危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
laravel/framework v9.52.15 间接依赖 强烈建议修复
word-wrap 1.2.3 1.2.4 间接依赖 建议修复
json5 1.0.1 1.0.2 间接依赖 建议修复
semver 7.3.7 7.5.2 间接依赖 可选修复
semver 6.3.0 7.5.2 间接依赖 可选修复
postcss 8.4.28 8.4.31 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
ISC 19
MIT 252
GPL-2.0 1
GPL-3.0 1
BSD-3-Clause 8
Apache-2.0 7
BSD-2-Clause 6
BSD-4-Clause 3
Python-2.0 1
Unlicense 1
LGPL-2.0 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
inherits 2.0.4 间接依赖 npm
debug 3.2.7 间接依赖 npm
picocolors 1.0.0 间接依赖 npm
strip-ansi 6.0.1 间接依赖 npm
string.prototype.trimend 1.0.5 间接依赖 npm
has-property-descriptors 1.0.0 间接依赖 npm
globals 13.15.0 间接依赖 npm
vite 4.4.9 直接依赖 npm
nette/schema v1.2.4 间接依赖 composer
php-64bit 间接依赖 composer
is-boolean-object 1.1.2 间接依赖 npm
laravel-vite-plugin 0.8.0 直接依赖 npm
fill-range 7.0.1 间接依赖 npm
lru-cache 6.0.0 间接依赖 npm
internal-slot 1.0.3 间接依赖 npm
composer-runtime-api 间接依赖 composer
phpoption/phpoption 1.9.1 间接依赖 composer
ms 2.1.3 间接依赖 npm
lodash.merge 4.6.2 间接依赖 npm
illuminate/database 间接依赖 composer
@esbuild/win32-arm64 0.18.20 直接依赖 npm
path-is-absolute 1.0.1 间接依赖 npm
postcss 8.4.28 间接依赖 npm
illuminate/notifications 间接依赖 composer
filp/whoops 2.15.3 间接依赖 composer
yallist 4.0.0 间接依赖 npm
egulias/email-validator 4.0.1 间接依赖 composer
flatted 3.2.5 间接依赖 npm
minimist 1.2.6 间接依赖 npm
eslint-plugin-es 4.1.0 间接依赖 npm
illuminate/routing 间接依赖 composer
balanced-match 1.0.2 间接依赖 npm
@esbuild/android-arm 0.18.20 直接依赖 npm
@hotwired/turbo 7.1.0 直接依赖 npm
acorn-jsx 5.3.2 间接依赖 npm
flat-cache 3.0.4 间接依赖 npm
string.prototype.trimstart 1.0.5 间接依赖 npm
eslint-utils 2.1.0 间接依赖 npm
psr/http-message 2.0 间接依赖 composer
@humanwhocodes/config-array 0.9.5 间接依赖 npm
webmozart/assert 1.11.0 间接依赖 composer
get-symbol-description 1.0.0 间接依赖 npm
maximebf/debugbar v1.18.2 间接依赖 composer
symfony/polyfill-uuid v1.27.0 间接依赖 composer
callsites 3.1.0 间接依赖 npm
good-listener 1.2.2 间接依赖 npm
is-symbol 1.0.4 间接依赖 npm
object-keys 1.1.1 间接依赖 npm
illuminate/pipeline 间接依赖 composer
barryvdh/laravel-debugbar v3.8.2 间接依赖 composer
once 1.4.0 间接依赖 npm
symfony/console v6.3.2 间接依赖 composer
psr/clock 1.0.0 间接依赖 composer
picomatch 2.3.1 间接依赖 npm
symfony/deprecation-contracts v3.3.0 间接依赖 composer
dflydev/dot-access-data v3.0.2 间接依赖 composer
symfony/var-dumper v6.3.3 间接依赖 composer
ansi-regex 5.0.1 间接依赖 npm
immutable 4.1.0 间接依赖 npm
illuminate/console 间接依赖 composer
eslint-plugin-promise 6.0.0 直接依赖 npm
psr/http-factory 1.0.2 间接依赖 composer
psr/container 2.0.2 间接依赖 composer
symfony/event-dispatcher v6.3.2 间接依赖 composer
eslint-config-standard 17.0.0 直接依赖 npm
uri-js 4.4.1 间接依赖 npm
illuminate/contracts 间接依赖 composer
esutils 2.0.3 间接依赖 npm
@esbuild/linux-riscv64 0.18.20 直接依赖 npm
shebang-regex 3.0.0 间接依赖 npm
sass 1.51.0 直接依赖 npm
vite-plugin-full-reload 1.0.5 间接依赖 npm
object.assign 4.1.2 间接依赖 npm
@esbuild/win32-x64 0.18.20 直接依赖 npm
nanoid 3.3.6 间接依赖 npm
text-table 0.2.0 间接依赖 npm
es-shim-unscopables 1.0.0 间接依赖 npm
eslint-visitor-keys 2.1.0 间接依赖 npm
symfony/http-foundation v6.3.2 间接依赖 composer
voku/portable-ascii 2.0.1 间接依赖 composer
debug 4.3.4 间接依赖 npm
eslint-plugin-node 11.1.0 直接依赖 npm
symfony/error-handler v6.3.2 间接依赖 composer
fs.realpath 1.0.0 间接依赖 npm
strip-json-comments 3.1.1 间接依赖 npm
type-fest 0.20.2 间接依赖 npm
illuminate/queue 间接依赖 composer
glob-parent 5.1.2 间接依赖 npm
esrecurse 4.3.0 间接依赖 npm
side-channel 1.0.4 间接依赖 npm
guzzlehttp/promises 2.0.1 间接依赖 composer
levn 0.4.1 间接依赖 npm
shebang-command 2.0.0 间接依赖 npm
@esbuild/linux-arm64 0.18.20 直接依赖 npm
nikic/php-parser v4.17.1 间接依赖 composer
espree 9.3.2 间接依赖 npm
type-check 0.4.0 间接依赖 npm
symfony/string v6.3.2 间接依赖 composer
which-boxed-primitive 1.0.2 间接依赖 npm
is-shared-array-buffer 1.0.2 间接依赖 npm
illuminate/events 间接依赖 composer
is-number-object 1.0.7 间接依赖 npm
symfony/translation-contracts v3.3.0 间接依赖 composer
import-fresh 3.3.0 间接依赖 npm
locate-path 2.0.0 间接依赖 npm
symfony/event-dispatcher-contracts v3.3.0 间接依赖 composer
psr/event-dispatcher 1.0.0 间接依赖 composer
@esbuild/darwin-arm64 0.18.20 直接依赖 npm
is-regex 1.1.4 间接依赖 npm
trumbowyg 2.25.1 直接依赖 npm
eslint-plugin-n 15.2.3 直接依赖 npm
illuminate/bus 间接依赖 composer
semver 7.3.7 间接依赖 npm
ajv 6.12.6 间接依赖 npm
punycode 2.1.1 间接依赖 npm
spatie/image-optimizer 1.7.1 间接依赖 composer
esquery 1.4.0 间接依赖 npm
symfony/process v6.3.2 间接依赖 composer
minimatch 3.1.2 间接依赖 npm
symfony/polyfill-intl-idn v1.27.0 间接依赖 composer
brick/math 0.11.0 间接依赖 composer
file-entry-cache 6.0.1 间接依赖 npm
spatie/db-dumper 3.4.0 间接依赖 composer
guzzlehttp/uri-template v1.0.1 间接依赖 composer
league/config v1.2.0 间接依赖 composer
ignore 5.2.0 间接依赖 npm
psy/psysh v0.11.20 间接依赖 composer
@types/json5 0.0.29 间接依赖 npm
has-symbols 1.0.3 间接依赖 npm
is-date-object 1.0.5 间接依赖 npm
nunomaduro/termwind v1.15.1 间接依赖 composer
paragonie/random_compat v9.99.100 间接依赖 composer
select 1.1.2 间接依赖 npm
binary-extensions 2.2.0 间接依赖 npm
acorn 8.7.1 间接依赖 npm
illuminate/conditionable 间接依赖 composer
path-parse 1.0.7 间接依赖 npm
laravel-echo 1.11.7 直接依赖 npm
parent-module 1.0.1 间接依赖 npm
estraverse 5.3.0 间接依赖 npm
@esbuild/linux-x64 0.18.20 直接依赖 npm
has-flag 4.0.0 间接依赖 npm
laravel/horizon v5.19.1 间接依赖 composer
js-yaml 4.1.0 间接依赖 npm
@fortawesome/fontawesome-free 6.4.2 直接依赖 npm
hotwired/turbo-laravel 1.12.2 间接依赖 composer
jquery 3.7.1 直接依赖 npm
predis/predis v2.2.1 间接依赖 composer
function.prototype.name 1.1.5 间接依赖 npm
escape-string-regexp 4.0.0 间接依赖 npm
ms 2.1.2 间接依赖 npm
doctrine/lexer 3.0.0 间接依赖 composer
braces 3.0.2 间接依赖 npm
dragonmantank/cron-expression v3.3.3 间接依赖 composer
maennchen/zipstream-php 3.1.0 间接依赖 composer
symfony/css-selector v6.3.2 间接依赖 composer
psr/cache 3.0.0 间接依赖 composer
ralouphie/getallheaders 3.0.3 间接依赖 composer
spatie/laravel-signal-aware-command 1.3.0 间接依赖 composer
spatie/image 2.2.7 间接依赖 composer
natural-compare 1.4.0 间接依赖 npm
league/flysystem-local 3.15.0 间接依赖 composer
laravel/socialite v5.8.0 间接依赖 composer
illuminate/support 间接依赖 composer
is-bigint 1.0.4 间接依赖 npm
path-exists 3.0.0 间接依赖 npm
@esbuild/android-arm64 0.18.20 直接依赖 npm
clipboard 2.0.10 直接依赖 npm
symfony/translation v6.3.3 间接依赖 composer
illuminate/session 间接依赖 composer
functional-red-black-tree 1.0.1 间接依赖 npm
eslint-utils 3.0.0 间接依赖 npm
psr/log 3.0.0 间接依赖 composer
laravel/serializable-closure v1.3.1 间接依赖 composer
json5 1.0.1 间接依赖 npm
semver 6.3.0 间接依赖 npm
has-tostringtag 1.0.0 间接依赖 npm
cross-env 7.0.3 直接依赖 npm
tsconfig-paths 3.14.1 间接依赖 npm
json-schema-traverse 0.4.1 间接依赖 npm
eslint-visitor-keys 1.3.0 间接依赖 npm
symfony/uid v6.3.0 间接依赖 composer
has 1.0.3 间接依赖 npm
eslint-plugin-standard 5.0.0 直接依赖 npm
@esbuild/linux-s390x 0.18.20 直接依赖 npm
optionator 0.9.1 间接依赖 npm
debug 2.6.9 间接依赖 npm
color-convert 2.0.1 间接依赖 npm
regexp.prototype.flags 1.4.3 间接依赖 npm
define-properties 1.1.4 间接依赖 npm
illuminate/validation 间接依赖 composer
spatie/temporary-directory 2.1.2 间接依赖 composer
psr/http-client 1.0.2 间接依赖 composer
brace-expansion 1.1.11 间接依赖 npm
symfony/mailer v6.3.0 间接依赖 composer
@esbuild/netbsd-x64 0.18.20 直接依赖 npm
symfony/finder v6.3.3 间接依赖 composer
@esbuild/android-x64 0.18.20 直接依赖 npm
guzzlehttp/psr7 2.6.0 间接依赖 composer
delegate 3.2.0 间接依赖 npm
anymatch 3.1.2 间接依赖 npm
league/oauth1-client v1.10.1 间接依赖 composer
path-key 3.1.1 间接依赖 npm
doctrine/inflector 2.0.8 间接依赖 composer
argparse 2.0.1 间接依赖 npm
is-number 7.0.0 间接依赖 npm
tweetnacl 1.0.3 间接依赖 npm
prelude-ls 1.2.1 间接依赖 npm
cross-spawn 7.0.3 间接依赖 npm
fruitcake/php-cors v1.2.0 间接依赖 composer
league/flysystem 3.15.1 间接依赖 composer
@esbuild/win32-ia32 0.18.20 直接依赖 npm
strip-bom 3.0.0 间接依赖 npm
doctrine/deprecations v1.1.1 间接依赖 composer
illuminate/filesystem 间接依赖 composer
which 2.0.2 间接依赖 npm
psr/simple-cache 3.0.0 间接依赖 composer
chalk 4.1.2 间接依赖 npm
doctrine/dbal 3.6.6 间接依赖 composer
esbuild 0.18.20 间接依赖 npm
ramsey/collection 2.0.0 间接依赖 composer
nesbot/carbon 2.69.0 间接依赖 composer
is-callable 1.2.4 间接依赖 npm
illuminate/http 间接依赖 composer
bootstrap 5.3.2 直接依赖 npm
supports-preserve-symlinks-flag 1.0.0 间接依赖 npm
supports-color 7.2.0 间接依赖 npm
guzzlehttp/guzzle 7.7.0 间接依赖 composer
symfony/polyfill-php83 v1.27.0 间接依赖 composer
concat-map 0.0.1 间接依赖 npm
v8-compile-cache 2.3.0 间接依赖 npm
nunomaduro/collision v6.2.0 间接依赖 composer
word-wrap 1.2.3 间接依赖 npm
@esbuild/linux-arm 0.18.20 直接依赖 npm
@esbuild/darwin-x64 0.18.20 直接依赖 npm
fsevents 2.3.2 直接依赖 npm
doctrine/cache 2.2.0 间接依赖 composer
resolve 1.22.1 间接依赖 npm
find-up 2.1.0 间接依赖 npm
readdirp 3.6.0 间接依赖 npm
league/mime-type-detection 1.13.0 间接依赖 composer
monolog/monolog 2.9.1 间接依赖 composer
symfony/polyfill-intl-grapheme v1.27.0 间接依赖 composer
fast-levenshtein 2.0.6 间接依赖 npm
eslint-visitor-keys 3.3.0 间接依赖 npm
rimraf 3.0.2 间接依赖 npm
@humanwhocodes/object-schema 1.2.1 间接依赖 npm
functions-have-names 1.2.3 间接依赖 npm
is-core-module 2.9.0 间接依赖 npm
doctrine 3.0.0 间接依赖 npm
eslint-module-utils 2.7.3 间接依赖 npm
symfony/polyfill-ctype v1.27.0 间接依赖 composer
function-bind 1.1.1 间接依赖 npm
league/commonmark 2.4.0 间接依赖 composer
symfony/polyfill-mbstring v1.27.0 间接依赖 composer
symfony/polyfill-intl-normalizer v1.27.0 间接依赖 composer
intervention/image 2.7.2 间接依赖 composer
eslint-import-resolver-node 0.3.6 间接依赖 npm
spatie/laravel-backup 8.1.2 间接依赖 composer
@esbuild/freebsd-arm64 0.18.20 直接依赖 npm
is-extglob 2.1.1 间接依赖 npm
symfony/polyfill-php80 v1.27.0 间接依赖 composer
@esbuild/freebsd-x64 0.18.20 直接依赖 npm
ansi-styles 4.3.0 间接依赖 npm
json-stable-stringify-without-jsonify 1.0.1 间接依赖 npm
@esbuild/linux-ia32 0.18.20 直接依赖 npm
symfony/polyfill-php72 v1.27.0 间接依赖 composer
deep-is 0.1.4 间接依赖 npm
@esbuild/openbsd-x64 0.18.20 直接依赖 npm
object-inspect 1.12.2 间接依赖 npm
ms 2.0.0 间接依赖 npm
fast-deep-equal 3.1.3 间接依赖 npm
rollup 3.28.1 间接依赖 npm
resolve-from 4.0.0 间接依赖 npm
symfony/service-contracts v3.3.0 间接依赖 composer
@esbuild/sunos-x64 0.18.20 直接依赖 npm
get-intrinsic 1.1.2 间接依赖 npm
pusher/pusher-php-server 7.2.3 间接依赖 composer
laravel/framework v9.52.15 间接依赖 composer
es-abstract 1.20.1 间接依赖 npm
tiny-emitter 2.1.0 间接依赖 npm
color-name 1.1.4 间接依赖 npm
@esbuild/linux-mips64el 0.18.20 直接依赖 npm
call-bind 1.0.2 间接依赖 npm
vlucas/phpdotenv v5.5.0 间接依赖 composer
eslint-plugin-es 3.0.1 间接依赖 npm
paragonie/sodium_compat v1.20.0 间接依赖 composer
graham-campbell/result-type v1.1.1 间接依赖 composer
is-weakref 1.0.2 间接依赖 npm
isexe 2.0.0 间接依赖 npm
@eslint/eslintrc 1.3.0 间接依赖 npm
source-map-js 1.0.2 间接依赖 npm
has-bigints 1.0.2 间接依赖 npm
eslint-plugin-import 2.26.0 直接依赖 npm
facade/ignition-contracts 1.0.2 间接依赖 composer
object.values 1.1.5 间接依赖 npm
league/glide 2.3.0 间接依赖 composer
chokidar 3.5.3 间接依赖 npm
spatie/laravel-medialibrary 10.11.3 间接依赖 composer
ramsey/uuid 4.7.4 间接依赖 composer
glob 7.2.3 间接依赖 npm
pusher-js 7.1.0-beta 直接依赖 npm
array.prototype.flat 1.3.0 间接依赖 npm
fast-json-stable-stringify 2.1.0 间接依赖 npm
eslint 8.14.0 直接依赖 npm
array-includes 3.1.5 间接依赖 npm
@popperjs/core 2.11.8 直接依赖 npm
spatie/laravel-package-tools 1.16.0 间接依赖 composer
unbox-primitive 1.0.2 间接依赖 npm
doctrine 2.1.0 间接依赖 npm
eslint-scope 7.1.1 间接依赖 npm
imurmurhash 0.1.4 间接依赖 npm
doctrine/event-manager 2.0.0 间接依赖 composer
normalize-path 3.0.0 间接依赖 npm
laravel/tinker v2.8.1 间接依赖 composer
symfony/routing v6.3.3 间接依赖 composer
is-negative-zero 2.0.2 间接依赖 npm
is-glob 4.0.3 间接依赖 npm
is-string 1.0.7 间接依赖 npm
p-locate 2.0.0 间接依赖 npm
symfony/http-kernel v6.3.3 间接依赖 composer
tijsverkoyen/css-to-inline-styles 2.2.6 间接依赖 composer
@esbuild/linux-loong64 0.18.20 直接依赖 npm
glob-parent 6.0.2 间接依赖 npm
to-regex-range 5.0.1 间接依赖 npm
laravel/ui v3.4.5 间接依赖 composer
builtins 5.0.1 间接依赖 npm
symfony/mime v6.3.3 间接依赖 composer
es-to-primitive 1.2.1 间接依赖 npm
p-limit 1.3.0 间接依赖 npm
regexpp 3.2.0 间接依赖 npm
inflight 1.0.6 间接依赖 npm
@esbuild/linux-ppc64 0.18.20 直接依赖 npm
is-binary-path 2.1.0 间接依赖 npm
(0)
上一篇 2023年10月29日
下一篇 2023年10月29日

相关推荐

  • amoschov/TideSDK 软件分析报告

    基础信息 项目名称:amoschov/TideSDK 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1715767638562226176/1715767639686299648 此报告由Murphysec提供 漏…

    软件分析 2023年10月23日
    0
  • yfactorial/objectiveresource 软件分析报告

    基础信息 项目名称:yfactorial/objectiveresource 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721662075150077952/1721662075187826688 此报告由M…

    软件分析 2023年11月7日
    0
  • kwai/DouZero 软件分析报告

    基础信息 项目名称:kwai/DouZero 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1719603279801483264/1719603288370446336 此报告由Murphysec提供 漏洞列表 …

    软件分析 2023年11月1日
    0
  • bbc/sqs-consumer 软件分析报告

    基础信息 项目名称:bbc/sqs-consumer 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1716264392601501696/1716264392660221952 此报告由Murphysec提供 漏…

    软件分析 2023年10月23日
    0
  • 256dpi/lungo 软件分析报告

    基础信息 项目名称:256dpi/lungo 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721674121716736000/1721674121762873344 此报告由Murphysec提供 漏洞列表 …

    软件分析 2023年11月7日
    0