inventree/InvenTree 软件分析报告

基础信息

项目名称:inventree/InvenTree

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1718853686783688704/1718853687186341888

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
PyPI仓库charset-normalizer组件包内嵌恶意代码 内嵌恶意代码 MPS-67h0-j1fr 高危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
charset-normalizer 3.3.0 间接依赖 强烈建议修复

许可证风险

许可证类型 相关组件 许可证风险
MIT 126
自定义许可证 37
ISC 16
BSD-2-Clause 9
Apache-2.0 13
Apache-2.0 OR BSD-3-Clause 1
BSD-3-Clause 12
LGPL-3.0 1
Unlicense 1
Python-2.0 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
levn 0.4.1 间接依赖 npm
django-cleanup 8.0.0 间接依赖 pip
is-glob 4.0.3 间接依赖 npm
django-xforwardedfor-middleware 2.0 间接依赖 pip
flat-cache 3.1.1 间接依赖 npm
flatted 3.2.7 间接依赖 npm
feedparser 6.0.10 间接依赖 pip
django-ical 1.9.2 间接依赖 pip
mkdocs 1.4.3 间接依赖 pip
eslint 8.51.0 直接依赖 npm
pytz 2023.3.post1 间接依赖 pip
p-limit 3.1.0 间接依赖 npm
oauthlib 3.2.2 间接依赖 pip
callsites 3.1.0 间接依赖 npm
urllib3 2.0.7 间接依赖 pip
python-dateutil 2.8.2 间接依赖 pip
dj-rest-auth 5.0.1 间接依赖 pip
zopfli 0.2.3 间接依赖 pip
ansi-styles 4.3.0 间接依赖 npm
wrappy 1.0.2 间接依赖 npm
cryptography 41.0.4 间接依赖 pip
@eslint-community/regexpp 4.5.1 间接依赖 npm
espree 9.5.2 间接依赖 npm
python-fsutil 0.10.0 间接依赖 pip
flatted 3.2.9 间接依赖 npm
run-parallel 1.2.0 间接依赖 npm
eslint-visitor-keys 3.4.1 间接依赖 npm
icalendar 5.0.10 间接依赖 pip
uritemplate 4.1.1 间接依赖 pip
pip-tools 7.3.0 间接依赖 pip
glob 7.2.3 间接依赖 npm
django-picklefield 3.1 间接依赖 pip
itypes 1.2.0 间接依赖 pip
once 1.4.0 间接依赖 npm
certifi 2023.7.22 间接依赖 pip
django-q-sentry 0.1.6 间接依赖 pip
parent-module 1.0.1 间接依赖 npm
models 间接依赖 pip
strip-ansi 6.0.1 间接依赖 npm
psycopg2 2.9.1 间接依赖 pip
snowballstemmer 2.2.0 间接依赖 pip
django-q2 1.6.1 间接依赖 pip
rpds-py 0.10.6 间接依赖 pip
gunicorn 21.2.0 间接依赖 pip
django-test-migrations 1.3.0 间接依赖 pip
babel 2.13.0 间接依赖 pip
django-taggit 4.0.0 间接依赖 pip
typing-extensions 4.8.0 间接依赖 pip
django-mptt 0.11.0 间接依赖 pip
django-sql-utils 0.7.0 间接依赖 pip
weasyprint 54.3 间接依赖 pip
sentry-sdk 1.32.0 间接依赖 pip
fastq 1.15.0 间接依赖 npm
redis 5.0.1 间接依赖 pip
imurmurhash 0.1.4 间接依赖 npm
webencodings 0.5.1 间接依赖 pip
djangorestframework 3.14.0 间接依赖 pip
coreapi 2.3.3 间接依赖 pip
fast-deep-equal 3.1.3 间接依赖 npm
@humanwhocodes/config-array 0.11.8 间接依赖 npm
yocto-queue 0.1.0 间接依赖 npm
django-stdimage 5.3.0 间接依赖 pip
escape-string-regexp 4.0.0 间接依赖 npm
py-moneyed 1.2 间接依赖 pip
django-money 2.1.1 间接依赖 pip
coveralls 2.1.2 间接依赖 pip
resolve-from 4.0.0 间接依赖 npm
openpyxl 3.1.2 间接依赖 pip
inflight 1.0.6 间接依赖 npm
strip-json-comments 3.1.1 间接依赖 npm
@nodelib/fs.walk 1.2.8 间接依赖 npm
docopt 0.6.2 间接依赖 pip
eslint-scope 7.2.0 间接依赖 npm
distlib 0.3.7 间接依赖 pip
@humanwhocodes/object-schema 1.2.1 间接依赖 npm
doctrine 3.0.0 间接依赖 npm
fast-levenshtein 2.0.6 间接依赖 npm
shebang-command 2.0.0 间接依赖 npm
django-filter 23.3 间接依赖 pip
flake8-docstrings 1.7.0 间接依赖 pip
@nodelib/fs.stat 2.0.5 间接依赖 npm
cffi 1.16.0 间接依赖 pip
eslint-scope 7.2.2 间接依赖 npm
markuppy 1.14 间接依赖 pip
find-up 5.0.0 间接依赖 npm
referencing 0.30.2 间接依赖 pip
markupsafe 2.1.3 间接依赖 pip
@eslint-community/regexpp 4.9.1 间接依赖 npm
queue-microtask 1.2.3 间接依赖 npm
drf-spectacular 0.26.5 间接依赖 pip
pgcli 3.1.0 间接依赖 pip
isexe 2.0.0 间接依赖 npm
pyflakes 3.1.0 间接依赖 pip
inflection 0.5.1 间接依赖 pip
p-locate 5.0.0 间接依赖 npm
balanced-match 1.0.2 间接依赖 npm
type-fest 0.20.2 间接依赖 npm
chalk 4.1.2 间接依赖 npm
path-key 3.1.1 间接依赖 npm
json-buffer 3.0.1 间接依赖 npm
xlwt 1.3.0 间接依赖 pip
is-path-inside 3.0.3 间接依赖 npm
debug 4.3.4 间接依赖 npm
django-user-sessions 2.0.0 间接依赖 pip
lodash.merge 4.6.2 间接依赖 npm
eslint-config-google 0.14.0 直接依赖 npm
path-is-absolute 1.0.1 间接依赖 npm
pep8-naming 0.13.3 间接依赖 pip
setuptools 65.6.3 间接依赖 pip
django-sslserver 0.22 间接依赖 pip
requests-oauthlib 1.3.1 间接依赖 pip
punycode 2.3.0 间接依赖 npm
brotli 1.1.0 间接依赖 pip
espree 9.6.1 间接依赖 npm
base_requirements.txt 间接依赖 pip
django 3.2.22 间接依赖 pip
regex 2023.10.3 间接依赖 pip
pydocstyle 6.3.0 间接依赖 pip
django-import-export 3.3.1 间接依赖 pip
sgmllib3k 1.0.0 间接依赖 pip
requests 2.31.0 间接依赖 pip
migrations 间接依赖 pip
color-convert 2.0.1 间接依赖 npm
coverage 5.5 间接依赖 pip
django-recurrence 1.11.1 间接依赖 pip
six 1.16.0 间接依赖 pip
jinja2 3.1.2 间接依赖 pip
python3-openid 3.2.0 间接依赖 pip
platformdirs 3.11.0 间接依赖 pip
type-check 0.4.0 间接依赖 npm
et-xmlfile 1.1.0 间接依赖 pip
xlrd 2.0.1 间接依赖 pip
diff-match-patch 20230430 间接依赖 pip
nodeenv 1.8.0 间接依赖 pip
django-redis 5.4.0 间接依赖 pip
html5lib 1.1 间接依赖 pip
ajv 6.12.6 间接依赖 npm
filelock 3.12.4 间接依赖 pip
odfpy 1.4.1 间接依赖 pip
supports-color 7.2.0 间接依赖 npm
pint 0.21 间接依赖 pip
ignore 5.2.4 间接依赖 npm
django-js-asset 2.1.0 间接依赖 pip
rimraf 3.0.2 间接依赖 npm
@eslint-community/eslint-utils 4.4.0 间接依赖 npm
@eslint/eslintrc 2.1.2 间接依赖 npm
estraverse 5.3.0 间接依赖 npm
fast-json-stable-stringify 2.1.0 间接依赖 npm
is-extglob 2.1.1 间接依赖 npm
@nodelib/fs.scandir 2.1.5 间接依赖 npm
which 2.0.2 间接依赖 npm
virtualenv 20.24.5 间接依赖 pip
django-flags 5.0.13 间接依赖 pip
django-formtools 2.4.1 间接依赖 pip
has-flag 4.0.0 间接依赖 npm
concat-map 0.0.1 间接依赖 npm
@eslint/js 8.41.0 间接依赖 npm
inherits 2.0.4 间接依赖 npm
django-markdownify 0.9.3 间接依赖 pip
markdown 3.5 间接依赖 pip
esrecurse 4.3.0 间接依赖 npm
python-dotenv 1.0.0 间接依赖 pip
acorn 8.10.0 间接依赖 npm
wheel 0.41.2 间接依赖 pip
keyv 4.5.4 间接依赖 npm
flat-cache 3.0.4 间接依赖 npm
build 1.0.3 间接依赖 pip
pycodestyle 2.11.1 间接依赖 pip
isort 5.12.0 间接依赖 pip
django-dbbackup 4.0.2 间接依赖 pip
acorn 8.8.2 间接依赖 npm
ansi-regex 5.0.1 间接依赖 npm
eslint 8.41.0 间接依赖 npm
pdf2image 1.16.3 间接依赖 pip
cfgv 3.4.0 间接依赖 pip
click 8.1.7 间接依赖 pip
dulwich 0.21.6 间接依赖 pip
pypng 0.20220715.0 间接依赖 pip
prelude-ls 1.2.1 间接依赖 npm
@aashutoshrathi/word-wrap 1.2.6 间接依赖 npm
brace-expansion 1.1.11 间接依赖 npm
globals 13.20.0 间接依赖 npm
async-timeout 4.0.3 间接依赖 pip
pre-commit 3.5.0 间接依赖 pip
text-table 0.2.0 间接依赖 npm
globals 13.23.0 间接依赖 npm
@humanwhocodes/config-array 0.11.11 间接依赖 npm
word-wrap 1.2.4 间接依赖 npm
django-allauth 0.54.0 间接依赖 pip
@humanwhocodes/module-importer 1.0.1 间接依赖 npm
pyyaml 6.0.1 间接依赖 pip
django-maintenance-mode 0.19.0 间接依赖 pip
glob-parent 6.0.2 间接依赖 npm
django-error-report-2 0.4.2 间接依赖 pip
graphemer 1.4.0 间接依赖 npm
django-weasyprint 2.2.1 间接依赖 pip
coreschema 0.0.4 间接依赖 pip
mccabe 0.7.0 间接依赖 pip
js-yaml 4.1.0 间接依赖 npm
tomli 2.0.1 间接依赖 pip
rapidfuzz 0.7.6 间接依赖 pip
pydyf 0.8.0 间接依赖 pip
pyphen 0.14.0 间接依赖 pip
acorn-jsx 5.3.2 间接依赖 npm
shebang-regex 3.0.0 间接依赖 npm
jsonschema-specifications 2023.7.1 间接依赖 pip
optionator 0.9.3 间接依赖 npm
pillow 9.5.0 间接依赖 pip
django-cors-headers 4.3.0 间接依赖 pip
reusify 1.0.4 间接依赖 npm
jsonschema 4.19.1 间接依赖 pip
django-debug-toolbar 4.2.0 间接依赖 pip
json-schema-traverse 0.4.1 间接依赖 npm
argparse 2.0.1 间接依赖 npm
attrs 23.1.0 间接依赖 pip
deep-is 0.1.4 间接依赖 npm
@eslint/js 8.51.0 间接依赖 npm
zipp 3.16.0 间接依赖 pip
django-otp 1.2.4 间接依赖 pip
locate-path 6.0.0 间接依赖 npm
flake8 6.1.0 间接依赖 pip
ms 2.1.2 间接依赖 npm
color-name 1.1.4 间接依赖 npm
fs.realpath 1.0.0 间接依赖 npm
django-allauth-2fa 0.11.1 间接依赖 pip
cross-spawn 7.0.3 间接依赖 npm
importlib-metadata 6.8.0 间接依赖 pip
file-entry-cache 6.0.1 间接依赖 npm
optionator 0.9.1 间接依赖 npm
idna 3.4 间接依赖 pip
asgiref 3.7.2 间接依赖 pip
@eslint/eslintrc 2.0.3 间接依赖 npm
natural-compare 1.4.0 间接依赖 npm
json-stable-stringify-without-jsonify 1.0.1 间接依赖 npm
esquery 1.5.0 间接依赖 npm
cssselect2 0.7.0 间接依赖 pip
esutils 2.0.3 间接依赖 npm
pyproject-hooks 1.0.0 间接依赖 pip
django-crispy-forms 1.14.0 间接依赖 pip
uri-js 4.4.1 间接依赖 npm
path-exists 4.0.0 间接依赖 npm
eslint-visitor-keys 3.4.3 间接依赖 npm
import-fresh 3.3.0 间接依赖 npm
django-slowtests 1.1.1 间接依赖 pip
minimatch 3.1.2 间接依赖 npm
charset-normalizer 3.3.0 间接依赖 pip
pycparser 2.21 间接依赖 pip
identify 2.5.30 间接依赖 pip
packaging 23.2 间接依赖 pip
django-sesame 3.2.1 间接依赖 pip
tinycss2 1.2.1 间接依赖 pip
sqlparse 0.4.4 间接依赖 pip
defusedxml 0.7.1 间接依赖 pip
(0)
上一篇 2023年10月30日
下一篇 2023年10月30日

相关推荐

  • ink-spot/UPCardsCarousel 软件分析报告

    基础信息 项目名称:ink-spot/UPCardsCarousel 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721277679880667136/1728342364413448192 此报告由Murph…

    软件分析 2023年11月25日
    0
  • andris9/Nodemailer 软件分析报告

    基础信息 项目名称:andris9/Nodemailer 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1715816735613517824/1715816735668043776 此报告由Murphysec提供…

    软件分析 2023年10月23日
    0
  • playcanvas/engine 软件分析报告

    基础信息 项目名称:playcanvas/engine 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1754344223345639424/1754344350982504448 此报告由Murphysec提供 …

    软件分析 2024年2月5日
    0
  • formspree/formspree 软件分析报告

    基础信息 项目名称:formspree/formspree 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1717940560954261504/1717940561264640000 此报告由Murphysec提…

    软件分析 2023年10月28日
    0
  • adueck/good-clean-read 软件分析报告

    基础信息 项目名称:adueck/good-clean-read 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1715543255122837504/1715543255445798912 此报告由Murphys…

    软件分析 2023年10月23日
    0