基础信息
项目名称:deepinsight/insightface
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721129368645795840/1722650992184631296
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| NumPy 代码问题漏洞 | 空指针取消引用 | MPS-2021-32278 | CVE-2021-41495 | 中危 |
| scikit-learn 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-15126 | 低危 | |
| GitHub horovod 安全漏洞 | 将资源暴露给错误范围 | MPS-2022-1632 | CVE-2022-0315 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| horovod | 0.24 | 0.24.0 | 间接依赖 | 建议修复 |
| scikit-learn | 0.23.2 | 0.24.2 | 间接依赖 | 可选修复 |
| numpy | 1.22.3 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Apache-2.0 | 4 | 低 |
| MIT | 5 | 低 |
| 自定义许可证 | 6 | 低 |
| BSD-2-Clause | 1 | 低 |
| GPL-3.0 | 1 | 中 |
| BSD-3-Clause | 1 | 低 |
| LGPL-3.0 | 1 | 中 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| Type | 间接依赖 | pip | |
| cascade_refine | 间接依赖 | pip | |
| DictAction | 间接依赖 | pip | |
| Dataset | 间接依赖 | pip | |
| evaluate | 间接依赖 | pip | |
| normal_init | 间接依赖 | pip | |
| build_conv_layer | 间接依赖 | pip | |
| constant_init | 间接依赖 | pip | |
| IDMMD | 间接依赖 | pip | |
| torch | 1.13.1 | 间接依赖 | pip |
| scikit-learn | 0.23.2 | 间接依赖 | pip |
| OFRecordDataLoader | 间接依赖 | pip | |
| Namespace | 间接依赖 | pip | |
| multiclass_nms | 间接依赖 | pip | |
| opencv-python | 4.2.0.34 | 间接依赖 | pip |
| easydict | 1.9 | 间接依赖 | pip |
| CrossEntropyLoss | 间接依赖 | pip | |
| auto_fp16 | 间接依赖 | pip | |
| init_weights | 间接依赖 | pip | |
| caffe2_xavier_init | 间接依赖 | pip | |
| bbox_xyxy_to_cxcywh | 间接依赖 | pip | |
| Any | 间接依赖 | pip | |
| p_mpjpe | 间接依赖 | pip | |
| eval_recalls | 间接依赖 | pip | |
| EvalGraph | 间接依赖 | pip | |
| LVISResults | 间接依赖 | pip | |
| force_fp32 | 间接依赖 | pip | |
| isr_p | 间接依赖 | pip | |
| MMDistributedDataParallel | 间接依赖 | pip | |
| utils | 间接依赖 | pip | |
| SyntheticDataLoader | 间接依赖 | pip | |
| Bottleneck | 间接依赖 | pip | |
| xavier_init | 间接依赖 | pip | |
| ptflops | 间接依赖 | pip | |
| auc | 间接依赖 | pip | |
| CallBackModelSave | 间接依赖 | pip | |
| DataLoader | 间接依赖 | pip | |
| normalize | 间接依赖 | pip | |
| PIL | 间接依赖 | pip | |
| VGG | 间接依赖 | pip | |
| eval_map | 间接依赖 | pip | |
| mxboard | 0.1.0 | 间接依赖 | pip |
| bbox2roi | 间接依赖 | pip | |
| PolygonMasks | 间接依赖 | pip | |
| CallBackVerification | 间接依赖 | pip | |
| carl_loss | 间接依赖 | pip | |
| ArgumentParser | 间接依赖 | pip | |
| collate | 间接依赖 | pip | |
| multi_apply | 间接依赖 | pip | |
| mmcv | 间接依赖 | pip | |
| get_pck3d | 间接依赖 | pip | |
| NMEMetric | 间接依赖 | pip | |
| DropPath | 间接依赖 | pip | |
| kaiming_init | 间接依赖 | pip | |
| default | 间接依赖 | pip | |
| Rt26dof | 间接依赖 | pip | |
| LossValueMetric | 间接依赖 | pip | |
| BitmapMasks | 间接依赖 | pip | |
| save_obj | 间接依赖 | pip | |
| scatter | 间接依赖 | pip | |
| cmake | 3.22.3 | 间接依赖 | pip |
| Branch | 间接依赖 | pip | |
| ConvModule | 间接依赖 | pip | |
| bias_init_with_prob | 间接依赖 | pip | |
| to_2tuple | 间接依赖 | pip | |
| tqdm | 4.48.2 | 间接依赖 | pip |
| LVISEval | 间接依赖 | pip | |
| __version__ | 间接依赖 | pip | |
| DETECTORS | 间接依赖 | pip | |
| bbox2result | 间接依赖 | pip | |
| MMDataParallel | 间接依赖 | pip | |
| DataLoaderX | 间接依赖 | pip | |
| trainer_synthetics | 间接依赖 | pip | |
| init_detector | 间接依赖 | pip | |
| mmdet | 间接依赖 | pip | |
| numpy | 1.22.3 | 间接依赖 | pip |
| build_upsample_layer | 间接依赖 | pip | |
| HEADS | 间接依赖 | pip | |
| inference_detector | 间接依赖 | pip | |
| deeplab_xception | 间接依赖 | pip | |
| ResBlock | 间接依赖 | pip | |
| config | 间接依赖 | pip | |
| models | 间接依赖 | pip | |
| Conv2d | 间接依赖 | pip | |
| build_from_cfg | 间接依赖 | pip | |
| Cython | 0.29.28 | 间接依赖 | pip |
| bbox_mapping_back | 间接依赖 | pip | |
| CosFace | 间接依赖 | pip | |
| build_backbone | 间接依赖 | pip | |
| build_loss | 间接依赖 | pip | |
| short_version | 间接依赖 | pip | |
| rcnn | 间接依赖 | pip | |
| Config | 间接依赖 | pip | |
| load_objs_as_meshes | 间接依赖 | pip | |
| List | 间接依赖 | pip | |
| BasicBlock | 间接依赖 | pip | |
| rpn_fpn_ohem3 | 间接依赖 | pip | |
| gcn | 间接依赖 | pip | |
| roc_curve | 间接依赖 | pip | |
| Registry | 间接依赖 | pip | |
| FaceDataset | 间接依赖 | pip | |
| Linear | 间接依赖 | pip | |
| dataset | 间接依赖 | pip | |
| bbox_cxcywh_to_xyxy | 间接依赖 | pip | |
| load_pickle | 间接依赖 | pip | |
| horovod | 0.24 | 间接依赖 | pip |
| linear | 间接依赖 | pip | |
| Union | 间接依赖 | pip | |
| TrainGraph | 间接依赖 | pip | |
| torchvision | 0.5.0 | 间接依赖 | pip |
| build_head | 间接依赖 | pip | |
| MXFaceDataset | 间接依赖 | pip | |
| CallBackLogging | 间接依赖 | pip | |
| Scale | 间接依赖 | pip | |
| rotate | 间接依赖 | pip | |
| build_norm_layer | 间接依赖 | pip | |
| SmoothL1Loss | 间接依赖 | pip |