基础信息
项目名称:johnmpotter/npm-trends
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721315794318032896/1728529966737874944
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Moment.js 正则拒绝服务漏洞 | 拒绝服务 | MPS-2022-11159 | CVE-2022-31129 | 高危 |
| sanitize-html 拒绝服务漏洞 | ReDoS | MPS-2022-5170 | CVE-2022-25887 | 高危 |
| decode-uri-component | 拒绝服务 | MPS-2022-56259 | CVE-2022-38900 | 高危 |
| minimatch 资源管理错误漏洞 | 拒绝服务 | MPS-2022-59845 | CVE-2022-3517 | 高危 |
| ZEIT Next.js 安全漏洞 | MPS-cl5v-ayrn | CVE-2023-46298 | 高危 | |
| PostCSS 安全漏洞 | 注入 | MPS-y3tx-jzms | CVE-2023-44270 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| sanitize-html | 2.4.0 | 2.7.1 | 直接依赖 | 建议修复 |
| decode-uri-component | 0.2.0 | 0.2.1 | 间接依赖 | 建议修复 |
| minimatch | 3.0.4 | 3.0.5 | 间接依赖 | 建议修复 |
| next | 12.3.1 | 13.4.20-canary.13 | 直接依赖 | 可选修复 |
| postcss | 8.4.16 | 8.4.31 | 间接依赖 | 可选修复 |
| postcss | 8.4.14 | 8.4.31 | 间接依赖 | 可选修复 |
| moment | 2.29.3 | 2.29.4 | 间接依赖 | 可选修复 |
| next | 12.2.0 | 13.4.20-canary.13 | 直接依赖 | 可选修复 |
| tslib | 2.4.0 | 间接依赖 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 172 | 低 |
| ISC | 16 | 低 |
| BSD-2-Clause | 7 | 低 |
| BSD-3-Clause | 3 | 低 |
| Apache-2.0 | 4 | 低 |
| CC-BY-4.0 | 2 | 低 |
| 0BSD | 1 | 低 |
| Unlicense | 2 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| react-query | 3.39.1 | 直接依赖 | npm |
| @swc/helpers | 0.4.11 | 间接依赖 | npm |
| hosted-git-info | 3.0.8 | 直接依赖 | npm |
| domelementtype | 2.3.0 | 间接依赖 | npm |
| @next/swc-linux-x64-musl | 12.3.1 | 直接依赖 | npm |
| react | 18.2.0 | 直接依赖 | npm |
| prettier | 2.7.1 | 直接依赖 | npm |
| entities | 2.2.0 | 间接依赖 | npm |
| @reach/rect | 0.17.0 | 间接依赖 | npm |
| gzip-size | 6.0.0 | 间接依赖 | npm |
| parse-srcset | 1.0.2 | 间接依赖 | npm |
| @types/react | 16.14.32 | 直接依赖 | npm |
| @reach/descendants | 0.17.0 | 间接依赖 | npm |
| anymatch | 3.1.2 | 间接依赖 | npm |
| normalize-path | 3.0.0 | 间接依赖 | npm |
| postcss | 8.4.14 | 间接依赖 | npm |
| rc-tooltip | 5.1.1 | 直接依赖 | npm |
| color-name | 1.1.3 | 间接依赖 | npm |
| readdirp | 3.6.0 | 间接依赖 | npm |
| @types/react-dom | 16.9.16 | 直接依赖 | npm |
| chokidar | 3.5.3 | 间接依赖 | npm |
| react-transition-group | 4.4.2 | 间接依赖 | npm |
| chokidar | 3.5.2 | 间接依赖 | npm |
| @next/env | 12.3.1 | 间接依赖 | npm |
| escape-string-regexp | 4.0.0 | 间接依赖 | npm |
| dayjs | 1.11.5 | 直接依赖 | npm |
| @reach/combobox | 0.17.0 | 直接依赖 | npm |
| react-ga | 3.3.1 | 直接依赖 | npm |
| csstype | 3.1.1 | 间接依赖 | npm |
| rc-util | 5.22.5 | 间接依赖 | npm |
| glob-parent | 5.1.2 | 间接依赖 | npm |
| supports-color | 7.2.0 | 直接依赖 | npm |
| decode-uri-component | 0.2.0 | 间接依赖 | npm |
| ws | 7.5.9 | 间接依赖 | npm |
| fsevents | 2.3.2 | 直接依赖 | npm |
| webpack-bundle-analyzer | 4.3.0 | 间接依赖 | npm |
| has-flag | 4.0.0 | 间接依赖 | npm |
| opener | 1.5.2 | 间接依赖 | npm |
| oblivious-set | 1.0.0 | 间接依赖 | npm |
| caniuse-lite | 1.0.30001412 | 间接依赖 | npm |
| color-convert | 1.9.3 | 间接依赖 | npm |
| @types/prop-types | 15.7.5 | 间接依赖 | npm |
| @next/swc-linux-x64-gnu | 12.2.0 | 间接依赖 | npm |
| @babel/runtime | 7.19.0 | 间接依赖 | npm |
| @types/node | 14.17.9 | 直接依赖 | npm |
| tiny-warning | 1.0.3 | 间接依赖 | npm |
| to-regex-range | 5.0.1 | 间接依赖 | npm |
| microseconds | 0.2.0 | 间接依赖 | npm |
| unload | 2.2.0 | 间接依赖 | npm |
| sanitize-html | 2.7.2 | 直接依赖 | npm |
| @next/swc-win32-arm64-msvc | 12.2.0 | 间接依赖 | npm |
| chalk | 4.1.2 | 间接依赖 | npm |
| @next/swc-android-arm64 | 12.3.1 | 直接依赖 | npm |
| acorn | 8.8.0 | 间接依赖 | npm |
| htmlparser2 | 6.1.0 | 间接依赖 | npm |
| sirv | 1.0.19 | 间接依赖 | npm |
| color-convert | 2.0.1 | 间接依赖 | npm |
| @reach/observe-rect | 1.2.0 | 直接依赖 | npm |
| glob | 7.1.6 | 间接依赖 | npm |
| @types/scheduler | 0.16.2 | 间接依赖 | npm |
| @next/swc-darwin-arm64 | 12.3.1 | 直接依赖 | npm |
| @next/swc-win32-ia32-msvc | 12.3.1 | 直接依赖 | npm |
| classnames | 2.2.5 | 直接依赖 | npm |
| inflight | 1.0.6 | 间接依赖 | npm |
| use-sync-external-store | 1.1.0 | 间接依赖 | npm |
| @next/swc-linux-x64-gnu | 12.3.1 | 直接依赖 | npm |
| @next/swc-darwin-arm64 | 12.2.0 | 间接依赖 | npm |
| resize-observer-polyfill | 1.5.1 | 间接依赖 | npm |
| dom-helpers | 5.2.1 | 间接依赖 | npm |
| react-dom | 18.2.0 | 直接依赖 | npm |
| fs.realpath | 1.0.0 | 间接依赖 | npm |
| braces | 3.0.2 | 间接依赖 | npm |
| lru-cache | 6.0.0 | 间接依赖 | npm |
| js-tokens | 4.0.0 | 间接依赖 | npm |
| minimatch | 3.0.4 | 间接依赖 | npm |
| @next/swc-freebsd-x64 | 12.2.0 | 间接依赖 | npm |
| deepmerge | 4.2.2 | 间接依赖 | npm |
| commander | 6.2.1 | 间接依赖 | npm |
| @next/swc-win32-x64-msvc | 12.2.0 | 间接依赖 | npm |
| ws | 7.5.8 | 间接依赖 | npm |
| rc-motion | 2.6.2 | 间接依赖 | npm |
| nano-time | 1.0.0 | 间接依赖 | npm |
| @next/swc-win32-x64-msvc | 12.3.1 | 直接依赖 | npm |
| styled-jsx | 5.0.7 | 间接依赖 | npm |
| is-binary-path | 2.1.0 | 间接依赖 | npm |
| moment | 2.29.4 | 间接依赖 | npm |
| dayjs | 1.11.3 | 直接依赖 | npm |
| @next/swc-freebsd-x64 | 12.3.1 | 直接依赖 | npm |
| react-toastify | 6.2.0 | 直接依赖 | npm |
| domelementtype | 2.2.0 | 间接依赖 | npm |
| sanitize-html | 2.4.0 | 直接依赖 | npm |
| classnames | 2.3.2 | 间接依赖 | npm |
| klona | 2.0.4 | 间接依赖 | npm |
| tslib | 2.4.0 | 间接依赖 | npm |
| color-name | 1.1.4 | 间接依赖 | npm |
| filter-obj | 1.1.0 | 间接依赖 | npm |
| react-tiny-popover | 7.1.0 | 直接依赖 | npm |
| react-transition-group | 4.4.5 | 间接依赖 | npm |
| postcss | 8.4.16 | 间接依赖 | npm |
| prettier | 2.3.2 | 直接依赖 | npm |
| @next/swc-linux-arm64-musl | 12.3.1 | 直接依赖 | npm |
| next | 12.2.0 | 直接依赖 | npm |
| ansi-styles | 4.3.0 | 间接依赖 | npm |
| @next/swc-darwin-x64 | 12.2.0 | 间接依赖 | npm |
| rc-tooltip | 5.2.2 | 直接依赖 | npm |
| @swc/helpers | 0.4.2 | 间接依赖 | npm |
| scheduler | 0.23.0 | 间接依赖 | npm |
| duplexer | 0.1.2 | 间接依赖 | npm |
| react-query | 3.39.2 | 直接依赖 | npm |
| @reach/popover | 0.17.0 | 间接依赖 | npm |
| @next/swc-win32-ia32-msvc | 12.2.0 | 间接依赖 | npm |
| is-extglob | 2.1.1 | 间接依赖 | npm |
| object-assign | 4.1.1 | 间接依赖 | npm |
| lodash | 4.17.21 | 间接依赖 | npm |
| rc-motion | 2.6.0 | 间接依赖 | npm |
| @types/prop-types | 15.7.4 | 间接依赖 | npm |
| remove-accents | 0.4.2 | 间接依赖 | npm |
| @next/swc-android-arm-eabi | 12.2.0 | 间接依赖 | npm |
| rc-trigger | 5.3.1 | 间接依赖 | npm |
| @next/swc-android-arm64 | 12.2.0 | 间接依赖 | npm |
| minimatch | 3.1.2 | 间接依赖 | npm |
| moment | 2.29.3 | 间接依赖 | npm |
| rc-util | 5.24.4 | 间接依赖 | npm |
| glob | 7.2.3 | 间接依赖 | npm |
| chartjs-color | 2.4.1 | 间接依赖 | npm |
| binary-extensions | 2.2.0 | 间接依赖 | npm |
| strict-uri-encode | 2.0.0 | 间接依赖 | npm |
| @reach/portal | 0.17.0 | 间接依赖 | npm |
| is-glob | 4.0.1 | 间接依赖 | npm |
| is-plain-object | 5.0.0 | 间接依赖 | npm |
| clsx | 1.2.1 | 间接依赖 | npm |
| typescript | 4.3.5 | 直接依赖 | npm |
| dom-align | 1.12.3 | 间接依赖 | npm |
| @types/react | 16.14.12 | 间接依赖 | npm |
| @next/swc-linux-x64-musl | 12.2.0 | 间接依赖 | npm |
| rc-align | 4.0.12 | 间接依赖 | npm |
| once | 1.4.0 | 间接依赖 | npm |
| picomatch | 2.3.0 | 间接依赖 | npm |
| styled-jsx | 5.0.2 | 间接依赖 | npm |
| yallist | 4.0.0 | 间接依赖 | npm |
| dom-serializer | 1.3.2 | 间接依赖 | npm |
| normalize.css | 8.0.1 | 直接依赖 | npm |
| shallowequal | 1.1.0 | 间接依赖 | npm |
| @next/env | 12.2.0 | 间接依赖 | npm |
| domutils | 2.8.0 | 间接依赖 | npm |
| split-on-first | 1.1.0 | 间接依赖 | npm |
| @babel/runtime | 7.18.3 | 间接依赖 | npm |
| prop-types | 15.7.2 | 间接依赖 | npm |
| @next/bundle-analyzer | 12.3.1 | 直接依赖 | npm |
| @types/react-dom | 16.9.14 | 直接依赖 | npm |
| @next/swc-linux-arm-gnueabihf | 12.3.1 | 直接依赖 | npm |
| big-integer | 1.6.51 | 间接依赖 | npm |
| @next/swc-android-arm-eabi | 12.3.1 | 直接依赖 | npm |
| dom-serializer | 1.4.1 | 间接依赖 | npm |
| domhandler | 4.2.0 | 间接依赖 | npm |
| immutable | 4.1.0 | 间接依赖 | npm |
| @next/swc-linux-arm64-musl | 12.2.0 | 间接依赖 | npm |
| sass | 1.55.0 | 直接依赖 | npm |
| chartjs-color-string | 0.6.0 | 间接依赖 | npm |
| regenerator-runtime | 0.13.9 | 间接依赖 | npm |
| next-plausible | 3.2.0 | 直接依赖 | npm |
| brace-expansion | 1.1.11 | 间接依赖 | npm |
| @next/swc-linux-arm-gnueabihf | 12.2.0 | 间接依赖 | npm |
| js-sha3 | 0.8.0 | 间接依赖 | npm |
| csstype | 3.0.6 | 间接依赖 | npm |
| is-number | 7.0.0 | 间接依赖 | npm |
| nanoid | 3.3.4 | 间接依赖 | npm |
| @next/swc-win32-arm64-msvc | 12.3.1 | 直接依赖 | npm |
| next-plausible | 3.6.3 | 直接依赖 | npm |
| totalist | 1.1.0 | 间接依赖 | npm |
| @next/swc-linux-arm64-gnu | 12.2.0 | 间接依赖 | npm |
| @reach/utils | 0.17.0 | 间接依赖 | npm |
| rimraf | 3.0.2 | 间接依赖 | npm |
| sass | 1.26.10 | 直接依赖 | npm |
| @types/chart.js | 2.9.37 | 直接依赖 | npm |
| wrappy | 1.0.2 | 间接依赖 | npm |
| query-string | 7.1.1 | 直接依赖 | npm |
| use-sync-external-store | 1.2.0 | 间接依赖 | npm |
| caniuse-lite | 1.0.30001359 | 间接依赖 | npm |
| @next/swc-darwin-x64 | 12.3.1 | 直接依赖 | npm |
| broadcast-channel | 3.7.0 | 间接依赖 | npm |
| detect-node | 2.1.0 | 间接依赖 | npm |
| @types/node | 14.18.30 | 直接依赖 | npm |
| domutils | 2.6.0 | 间接依赖 | npm |
| picomatch | 2.3.1 | 间接依赖 | npm |
| mrmime | 1.0.1 | 间接依赖 | npm |
| reset-css | 2.2.1 | 直接依赖 | npm |
| @reach/auto-id | 0.17.0 | 间接依赖 | npm |
| loose-envify | 1.4.0 | 间接依赖 | npm |
| next | 12.3.1 | 直接依赖 | npm |
| @polka/url | 1.0.0-next.21 | 间接依赖 | npm |
| acorn-walk | 8.2.0 | 间接依赖 | npm |
| source-map-js | 1.0.2 | 间接依赖 | npm |
| tabbable | 4.0.0 | 直接依赖 | npm |
| fill-range | 7.0.1 | 间接依赖 | npm |
| @types/chart.js | 2.9.34 | 直接依赖 | npm |
| @next/swc-linux-arm64-gnu | 12.3.1 | 直接依赖 | npm |
| domhandler | 4.3.1 | 间接依赖 | npm |
| chart.js | 2.9.4 | 直接依赖 | npm |
| regenerator-runtime | 0.13.7 | 间接依赖 | npm |
| prop-types | 15.8.1 | 间接依赖 | npm |
| @types/requestidlecallback | 0.3.4 | 直接依赖 | npm |
| path-is-absolute | 1.0.1 | 间接依赖 | npm |
| @next/bundle-analyzer | 12.1.6 | 直接依赖 | npm |
| typescript | 4.8.3 | 直接依赖 | npm |
| react-is | 16.13.1 | 间接依赖 | npm |
| picocolors | 1.0.0 | 间接依赖 | npm |
| match-sorter | 6.3.1 | 间接依赖 | npm |
| is-glob | 4.0.3 | 间接依赖 | npm |
| snarkdown | 2.0.0 | 直接依赖 | npm |
| clsx | 1.1.1 | 间接依赖 | npm |
| inherits | 2.0.4 | 间接依赖 | npm |