基础信息
项目名称:laravelio/laravel.io
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1719657439351668736/1719657440115032064
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Laravel v9.1.8 反序列化漏洞 | 反序列化 | MPS-2022-10162 | CVE-2022-30778 | 严重 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| laravel/framework | v10.28.0 | 间接依赖 | 强烈建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 9 | 低 |
| MIT | 257 | 低 |
| ISC | 13 | 低 |
| GPL-2.0 | 2 | 中 |
| GPL-3.0 | 2 | 中 |
| CC-BY-4.0 | 1 | 低 |
| Apache-2.0 | 8 | 低 |
| BSD-4-Clause | 4 | 低 |
| CC0-1.0 | 1 | 低 |
| LGPL-2.0 | 1 | 中 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| source-map-js | 1.0.2 | 间接依赖 | npm |
| symfony/polyfill-intl-normalizer | v1.28.0 | 间接依赖 | composer |
| league/flysystem-aws-s3-v3 | 3.16.0 | 间接依赖 | composer |
| guzzlehttp/uri-template | v1.0.2 | 间接依赖 | composer |
| minimatch | 3.1.2 | 间接依赖 | npm |
| chokidar | 3.5.3 | 间接依赖 | npm |
| symfony/finder | v6.3.5 | 间接依赖 | composer |
| league/oauth1-client | v1.10.1 | 间接依赖 | composer |
| graham-campbell/result-type | v1.1.1 | 间接依赖 | composer |
| @algolia/client-common | 4.19.1 | 间接依赖 | npm |
| resolve | 1.22.2 | 间接依赖 | npm |
| symfony/polyfill-mbstring | v1.28.0 | 间接依赖 | composer |
| ramsey/collection | 2.0.0 | 间接依赖 | composer |
| php-http/client-common | 2.7.0 | 间接依赖 | composer |
| mz | 2.7.0 | 间接依赖 | npm |
| fastq | 1.15.0 | 间接依赖 | npm |
| league/commonmark | 2.4.1 | 间接依赖 | composer |
| nette/utils | v4.0.2 | 间接依赖 | composer |
| symfony/polyfill-intl-idn | v1.28.0 | 间接依赖 | composer |
| laravel/slack-notification-channel | v2.5.0 | 间接依赖 | composer |
| psr/http-factory-implementation | 间接依赖 | composer | |
| clue/stream-filter | v1.6.0 | 间接依赖 | composer |
| @algolia/requester-browser-xhr | 4.19.1 | 间接依赖 | npm |
| is-core-module | 2.12.1 | 间接依赖 | npm |
| caniuse-lite | 1.0.30001517 | 间接依赖 | npm |
| esbuild-linux-64 | 0.14.54 | 间接依赖 | npm |
| @vue/shared | 3.1.5 | 间接依赖 | npm |
| lines-and-columns | 1.2.4 | 间接依赖 | npm |
| escalade | 3.1.1 | 间接依赖 | npm |
| esbuild-netbsd-64 | 0.14.54 | 间接依赖 | npm |
| symfony/console | v6.3.4 | 间接依赖 | composer |
| illuminate/view | 间接依赖 | composer | |
| fill-range | 7.0.1 | 间接依赖 | npm |
| spatie/laravel-robots-middleware | 1.3.2 | 间接依赖 | composer |
| algolia/algoliasearch-client-php | 3.4.1 | 间接依赖 | composer |
| node-releases | 2.0.13 | 间接依赖 | npm |
| laravel/framework | v10.28.0 | 间接依赖 | composer |
| deepmerge | 4.3.1 | 间接依赖 | npm |
| glob-parent | 6.0.2 | 间接依赖 | npm |
| function-bind | 1.1.1 | 间接依赖 | npm |
| laravel/ui | v4.2.2 | 间接依赖 | composer |
| autoprefixer | 10.4.14 | 直接依赖 | npm |
| picomatch | 2.3.1 | 间接依赖 | npm |
| didyoumean | 1.2.2 | 间接依赖 | npm |
| symfony/deprecation-contracts | v3.3.0 | 间接依赖 | composer |
| inherits | 2.0.4 | 间接依赖 | npm |
| symfony/translation-contracts | v3.3.0 | 间接依赖 | composer |
| psr/clock | 1.0.0 | 间接依赖 | composer |
| postcss-selector-parser | 6.0.10 | 间接依赖 | npm |
| normalize-range | 0.1.2 | 间接依赖 | npm |
| postcss-nested | 6.0.1 | 间接依赖 | npm |
| queue-microtask | 1.2.3 | 间接依赖 | npm |
| browserslist | 4.21.9 | 间接依赖 | npm |
| voku/portable-ascii | 2.0.1 | 间接依赖 | composer |
| mtdowling/jmespath.php | 2.7.0 | 间接依赖 | composer |
| ohdearapp/ohdear-php-sdk | 3.7.0 | 间接依赖 | composer |
| spatie/crawler | 7.1.3 | 间接依赖 | composer |
| sentry/sentry | 3.21.0 | 间接依赖 | composer |
| yarri/link-finder | v2.7.10 | 间接依赖 | composer |
| symfony/service-contracts | v3.3.0 | 间接依赖 | composer |
| @alloc/quick-lru | 5.2.0 | 间接依赖 | npm |
| wrappy | 1.0.2 | 间接依赖 | npm |
| @tailwindcss/forms | 0.4.1 | 直接依赖 | npm |
| path-is-absolute | 1.0.1 | 间接依赖 | npm |
| esbuild-android-64 | 0.14.54 | 间接依赖 | npm |
| illuminate/notifications | 间接依赖 | composer | |
| inflight | 1.0.6 | 间接依赖 | npm |
| fast-glob | 3.3.1 | 间接依赖 | npm |
| laravel/prompts | v0.1.11 | 间接依赖 | composer |
| update-browserslist-db | 1.0.11 | 间接依赖 | npm |
| tailwindcss | 3.3.3 | 直接依赖 | npm |
| pify | 2.3.0 | 间接依赖 | npm |
| to-regex-range | 5.0.1 | 间接依赖 | npm |
| nikic/php-parser | v4.17.1 | 间接依赖 | composer |
| blade-ui-kit/blade-heroicons | 2.1.0 | 间接依赖 | composer |
| guzzlehttp/psr7 | 2.6.1 | 间接依赖 | composer |
| psr/simple-cache | 3.0.0 | 间接依赖 | composer |
| symfony/http-kernel | v6.3.6 | 间接依赖 | composer |
| riimu/kit-phpencoder | v2.4.2 | 间接依赖 | composer |
| @algolia/transporter | 4.19.1 | 间接依赖 | npm |
| psr/cache | 3.0.0 | 间接依赖 | composer |
| laravel/sanctum | v3.3.1 | 间接依赖 | composer |
| symfony/uid | v6.3.0 | 间接依赖 | composer |
| guzzlehttp/promises | 2.0.1 | 间接依赖 | composer |
| spatie/ignition | 1.11.3 | 间接依赖 | composer |
| @jridgewell/gen-mapping | 0.3.3 | 间接依赖 | npm |
| dlv | 1.1.3 | 间接依赖 | npm |
| doctrine/event-manager | 2.0.0 | 间接依赖 | composer |
| nyholm/psr7 | 1.8.0 | 间接依赖 | composer |
| egulias/email-validator | 4.0.2 | 间接依赖 | composer |
| esbuild-linux-s390x | 0.14.54 | 间接依赖 | npm |
| @algolia/client-account | 4.19.1 | 间接依赖 | npm |
| spatie/browsershot | 3.59.0 | 间接依赖 | composer |
| picocolors | 1.0.0 | 间接依赖 | npm |
| is-glob | 4.0.3 | 间接依赖 | npm |
| spatie/image | 2.2.7 | 间接依赖 | composer |
| has | 1.0.3 | 间接依赖 | npm |
| symfony/var-dumper | v6.3.6 | 间接依赖 | composer |
| esbuild-windows-arm64 | 0.14.54 | 间接依赖 | npm |
| lodash.merge | 4.6.2 | 间接依赖 | npm |
| esbuild-sunos-64 | 0.14.54 | 间接依赖 | npm |
| laravel-notification-channels/twitter | v8.0.0 | 间接依赖 | composer |
| @jridgewell/resolve-uri | 3.1.0 | 间接依赖 | npm |
| redux | 4.2.1 | 间接依赖 | npm |
| spatie/laravel-sitemap | 6.4.0 | 间接依赖 | composer |
| psr/container | 2.0.2 | 间接依赖 | composer |
| http-interop/http-factory-guzzle | 1.2.0 | 间接依赖 | composer |
| postcss-js | 4.0.1 | 间接依赖 | npm |
| illuminate/filesystem | 间接依赖 | composer | |
| symfony/string | v6.3.5 | 间接依赖 | composer |
| kylewm/brevity | 0.2.10 | 间接依赖 | composer |
| sentry/sentry-laravel | 3.8.2 | 间接依赖 | composer |
| illuminate/queue | 间接依赖 | composer | |
| laravel/serializable-closure | v1.3.1 | 间接依赖 | composer |
| guzzlehttp/guzzle | 7.8.0 | 间接依赖 | composer |
| supports-preserve-symlinks-flag | 1.0.0 | 间接依赖 | npm |
| object-assign | 4.1.1 | 间接依赖 | npm |
| symfony/options-resolver | v6.3.0 | 间接依赖 | composer |
| commander | 4.1.1 | 间接依赖 | npm |
| symfony/dom-crawler | v6.3.4 | 间接依赖 | composer |
| masterminds/html5 | 2.8.1 | 间接依赖 | composer |
| is-binary-path | 2.1.0 | 间接依赖 | npm |
| highlight.js | 10.7.3 | 直接依赖 | npm |
| esbuild-freebsd-64 | 0.14.54 | 间接依赖 | npm |
| nanoid | 3.3.6 | 间接依赖 | npm |
| symfony/routing | v6.3.5 | 间接依赖 | composer |
| laravel/tinker | v2.8.2 | 间接依赖 | composer |
| illuminate/bus | 间接依赖 | composer | |
| anymatch | 3.1.3 | 间接依赖 | npm |
| @nodelib/fs.scandir | 2.1.5 | 间接依赖 | npm |
| esbuild-darwin-arm64 | 0.14.54 | 间接依赖 | npm |
| run-parallel | 1.2.0 | 间接依赖 | npm |
| is-extglob | 2.1.1 | 间接依赖 | npm |
| psr/http-factory | 1.0.2 | 间接依赖 | composer |
| yaml | 2.3.1 | 间接依赖 | npm |
| illuminate/validation | 间接依赖 | composer | |
| normalize-path | 3.0.0 | 间接依赖 | npm |
| doctrine/lexer | 3.0.0 | 间接依赖 | composer |
| vlucas/phpdotenv | v5.5.0 | 间接依赖 | composer |
| esbuild-windows-64 | 0.14.54 | 间接依赖 | npm |
| jean85/pretty-package-versions | 2.0.5 | 间接依赖 | composer |
| spatie/robots-txt | 2.0.2 | 间接依赖 | composer |
| league/config | v1.2.0 | 间接依赖 | composer |
| nette/schema | v1.2.5 | 间接依赖 | composer |
| esbuild | 0.14.54 | 间接依赖 | npm |
| lilconfig | 2.1.0 | 间接依赖 | npm |
| illuminate/pagination | 间接依赖 | composer | |
| any-promise | 1.3.0 | 间接依赖 | npm |
| esbuild-linux-32 | 0.14.54 | 间接依赖 | npm |
| binary-extensions | 2.2.0 | 间接依赖 | npm |
| symfony/http-foundation | v6.3.6 | 间接依赖 | composer |
| arg | 5.0.2 | 间接依赖 | npm |
| doctrine/inflector | 2.0.8 | 间接依赖 | composer |
| electron-to-chromium | 1.4.473 | 间接依赖 | npm |
| postcss-value-parser | 4.2.0 | 间接依赖 | npm |
| psr/http-client | 1.0.3 | 间接依赖 | composer |
| symfony/mailer | v6.3.5 | 间接依赖 | composer |
| camelcase-css | 2.0.1 | 间接依赖 | npm |
| symfony/translation | v6.3.6 | 间接依赖 | composer |
| monolog/monolog | 3.4.0 | 间接依赖 | composer |
| symfony/polyfill-ctype | v1.28.0 | 间接依赖 | composer |
| illuminate/console | 间接依赖 | composer | |
| nicmart/tree | 0.3.1 | 间接依赖 | composer |
| fuse.js | 3.6.1 | 间接依赖 | npm |
| symfony/http-client | v6.3.6 | 间接依赖 | composer |
| textarea-caret | 3.1.0 | 直接依赖 | npm |
| esbuild-darwin-64 | 0.14.54 | 间接依赖 | npm |
| algolia/scout-extended | v3.0.0 | 间接依赖 | composer |
| laravel/horizon | v5.21.1 | 间接依赖 | composer |
| fs.realpath | 1.0.0 | 间接依赖 | npm |
| blade-ui-kit/blade-ui-kit | 0.4.0 | 间接依赖 | composer |
| composer-plugin-api | 间接依赖 | composer | |
| php-http/discovery | 1.19.1 | 间接依赖 | composer |
| brick/math | 0.11.0 | 间接依赖 | composer |
| once | 1.4.0 | 间接依赖 | npm |
| algoliasearch | 4.19.1 | 直接依赖 | npm |
| symfony/polyfill-php72 | v1.28.0 | 间接依赖 | composer |
| @babel/runtime | 7.22.6 | 间接依赖 | npm |
| fsevents | 2.3.2 | 间接依赖 | npm |
| @vue/reactivity | 3.1.5 | 间接依赖 | npm |
| @algolia/client-analytics | 4.19.1 | 间接依赖 | npm |
| postcss | 8.4.31 | 间接依赖 | npm |
| symfony/http-client-contracts | v3.3.0 | 间接依赖 | composer |
| @algolia/cache-common | 4.19.1 | 间接依赖 | npm |
| dflydev/dot-access-data | v3.0.2 | 间接依赖 | composer |
| spatie/laravel-feed | 4.3.0 | 间接依赖 | composer |
| fruitcake/php-cors | v1.3.0 | 间接依赖 | composer |
| league/mime-type-detection | 1.14.0 | 间接依赖 | composer |
| lodash.isplainobject | 4.0.6 | 间接依赖 | npm |
| symfony/polyfill-php83 | v1.28.0 | 间接依赖 | composer |
| league/flysystem-local | 3.18.0 | 间接依赖 | composer |
| lodash.castarray | 4.4.0 | 间接依赖 | npm |
| @tailwindcss/typography | 0.5.9 | 直接依赖 | npm |
| symfony/css-selector | v6.3.2 | 间接依赖 | composer |
| illuminate/cache | 间接依赖 | composer | |
| illuminate/pipeline | 间接依赖 | composer | |
| esbuild-freebsd-arm64 | 0.14.54 | 间接依赖 | npm |
| symfony/event-dispatcher-contracts | v3.3.0 | 间接依赖 | composer |
| phpoption/phpoption | 1.9.1 | 间接依赖 | composer |
| axios | 0.25.0 | 直接依赖 | npm |
| follow-redirects | 1.15.2 | 间接依赖 | npm |
| lorisleiva/cron-translator | v0.4.4 | 间接依赖 | composer |
| doctrine/deprecations | 1.1.2 | 间接依赖 | composer |
| pirates | 4.0.6 | 间接依赖 | npm |
| mini-svg-data-uri | 1.4.4 | 间接依赖 | npm |
| brace-expansion | 1.1.11 | 间接依赖 | npm |
| path-parse | 1.0.7 | 间接依赖 | npm |
| illuminate/support | 间接依赖 | composer | |
| braces | 3.0.2 | 间接依赖 | npm |
| ralouphie/getallheaders | 3.0.3 | 间接依赖 | composer |
| doctrine/cache | 2.2.0 | 间接依赖 | composer |
| psr/event-dispatcher | 1.0.0 | 间接依赖 | composer |
| doctrine/dbal | 3.7.1 | 间接依赖 | composer |
| symfony/polyfill-uuid | v1.28.0 | 间接依赖 | composer |
| composer/ca-bundle | 1.3.7 | 间接依赖 | composer |
| predis/predis | v2.2.2 | 间接依赖 | composer |
| choices.js | 9.1.0 | 直接依赖 | npm |
| @algolia/client-personalization | 4.19.1 | 间接依赖 | npm |
| jiti | 1.19.1 | 间接依赖 | npm |
| symfony/mime | v6.3.5 | 间接依赖 | composer |
| illuminate/collections | 间接依赖 | composer | |
| php-http/message | 1.16.0 | 间接依赖 | composer |
| sentry/sdk | 3.5.0 | 间接依赖 | composer |
| psr/http-message | 2.0 | 间接依赖 | composer |
| abraham/twitteroauth | 5.0.0 | 间接依赖 | composer |
| blade-ui-kit/blade-zondicons | 1.4.0 | 间接依赖 | composer |
| @nodelib/fs.stat | 2.0.5 | 间接依赖 | npm |
| laravel-notification-channels/telegram | 4.0.0 | 间接依赖 | composer |
| sucrase | 3.34.0 | 间接依赖 | npm |
| php-http/promise | 1.1.0 | 间接依赖 | composer |
| webmozart/assert | 1.11.0 | 间接依赖 | composer |
| @algolia/requester-common | 4.19.1 | 间接依赖 | npm |
| symfony/psr-http-message-bridge | v2.3.1 | 间接依赖 | composer |
| symfony/polyfill-php80 | v1.28.0 | 间接依赖 | composer |
| symfony/polyfill-intl-grapheme | v1.28.0 | 间接依赖 | composer |
| nesbot/carbon | 2.71.0 | 间接依赖 | composer |
| is-number | 7.0.0 | 间接依赖 | npm |
| vite | 2.9.16 | 直接依赖 | npm |
| @jridgewell/trace-mapping | 0.3.18 | 间接依赖 | npm |
| esbuild-linux-mips64le | 0.14.54 | 间接依赖 | npm |
| aws/aws-sdk-php | 3.283.9 | 间接依赖 | composer |
| esbuild-linux-riscv64 | 0.14.54 | 间接依赖 | npm |
| postcss-load-config | 4.0.1 | 间接依赖 | npm |
| livewire/livewire | v2.12.6 | 间接依赖 | composer |
| @algolia/cache-browser-local-storage | 4.19.1 | 间接依赖 | npm |
| util-deprecate | 1.0.2 | 间接依赖 | npm |
| read-cache | 1.0.0 | 间接依赖 | npm |
| @algolia/client-search | 4.19.1 | 间接依赖 | npm |
| fraction.js | 4.2.0 | 间接依赖 | npm |
| micromatch | 4.0.5 | 间接依赖 | npm |
| spatie/temporary-directory | 2.2.0 | 间接依赖 | composer |
| @algolia/cache-in-memory | 4.19.1 | 间接依赖 | npm |
| @esbuild/linux-loong64 | 0.14.54 | 间接依赖 | npm |
| @algolia/requester-node-http | 4.19.1 | 间接依赖 | npm |
| @algolia/logger-console | 4.19.1 | 间接依赖 | npm |
| tijsverkoyen/css-to-inline-styles | 2.2.6 | 间接依赖 | composer |
| intervention/image | 2.7.2 | 间接依赖 | composer |
| object-hash | 3.0.0 | 间接依赖 | npm |
| reusify | 1.0.4 | 间接依赖 | npm |
| @jridgewell/set-array | 1.1.2 | 间接依赖 | npm |
| @tailwindcss/aspect-ratio | 0.2.2 | 直接依赖 | npm |
| merge2 | 1.4.1 | 间接依赖 | npm |
| illuminate/contracts | 间接依赖 | composer | |
| @nodelib/fs.walk | 1.2.8 | 间接依赖 | npm |
| symfony/mailgun-mailer | v6.3.6 | 间接依赖 | composer |
| league/flysystem | 3.18.0 | 间接依赖 | composer |
| laravel/socialite | v5.9.1 | 间接依赖 | composer |
| symfony/process | v6.3.4 | 间接依赖 | composer |
| readdirp | 3.6.0 | 间接依赖 | npm |
| esbuild-openbsd-64 | 0.14.54 | 间接依赖 | npm |
| @algolia/logger-common | 4.19.1 | 间接依赖 | npm |
| symfony/event-dispatcher | v6.3.2 | 间接依赖 | composer |
| spatie/flare-client-php | 1.4.3 | 间接依赖 | composer |
| esbuild-android-arm64 | 0.14.54 | 间接依赖 | npm |
| laravel/scout | v10.5.0 | 间接依赖 | composer |
| codeat3/blade-simple-icons | 1.91.0 | 间接依赖 | composer |
| ramsey/uuid | 4.7.4 | 间接依赖 | composer |
| glob | 7.1.6 | 间接依赖 | npm |
| thenify | 3.3.1 | 间接依赖 | npm |
| psy/psysh | v0.11.22 | 间接依赖 | composer |
| symfony/error-handler | v6.3.5 | 间接依赖 | composer |
| composer-runtime-api | 间接依赖 | composer | |
| php-http/message-factory | 1.1.0 | 间接依赖 | composer |
| rollup | 2.77.3 | 间接依赖 | npm |
| thenify-all | 1.6.0 | 间接依赖 | npm |
| ts-interface-checker | 0.1.13 | 间接依赖 | npm |
| aws/aws-crt-php | v1.2.2 | 间接依赖 | composer |
| regenerator-runtime | 0.13.11 | 间接依赖 | npm |
| blade-ui-kit/blade-icons | 1.5.3 | 间接依赖 | composer |
| spatie/backtrace | 1.5.3 | 间接依赖 | composer |
| nunomaduro/termwind | v1.15.1 | 间接依赖 | composer |
| opis/closure | 3.6.3 | 间接依赖 | composer |
| @jridgewell/sourcemap-codec | 1.4.15 | 间接依赖 | npm |
| esbuild-linux-arm | 0.14.54 | 间接依赖 | npm |
| dragonmantank/cron-expression | v3.3.3 | 间接依赖 | composer |
| postcss-import | 14.1.0 | 间接依赖 | npm |
| esbuild-linux-arm64 | 0.14.54 | 间接依赖 | npm |
| esbuild-windows-32 | 0.14.54 | 间接依赖 | npm |
| esbuild-linux-ppc64le | 0.14.54 | 间接依赖 | npm |
| illuminate/http | 间接依赖 | composer | |
| illuminate/database | 间接依赖 | composer | |
| spatie/laravel-package-tools | 1.16.1 | 间接依赖 | composer |
| intervention/imagecache | 2.6.0 | 间接依赖 | composer |
| concat-map | 0.0.1 | 间接依赖 | npm |
| balanced-match | 1.0.2 | 间接依赖 | npm |
| php-http/httplug | 2.4.0 | 间接依赖 | composer |
| spatie/laravel-ignition | 2.3.1 | 间接依赖 | composer |
| php-http/async-client-implementation | 间接依赖 | composer | |
| cssesc | 3.0.0 | 间接依赖 | npm |
| spatie/laravel-schedule-monitor | 3.4.0 | 间接依赖 | composer |
| laravel-vite-plugin | 0.2.4 | 直接依赖 | npm |
| alpinejs | 3.12.3 | 直接依赖 | npm |
| psr/log | 3.0.0 | 间接依赖 | composer |