基础信息
项目名称:lxfater/inpaint-web
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1729915722196275200/1729915722422767616
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| node-semver 安全漏洞 | ReDoS | MPS-2022-5166 | CVE-2022-25883 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| semver | 6.3.1 | 7.5.2 | 间接依赖 | 可选修复 |
| tslib | 2.3.1 | 间接依赖 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| CC-BY-4.0 | 1 | 低 |
| MIT | 126 | 低 |
| BSD-3-Clause | 5 | 低 |
| ISC | 4 | 低 |
| Apache-2.0 | 4 | 低 |
| Unlicense | 3 | 低 |
| CC0-1.0 | 1 | 低 |
| BSD-2-Clause | 2 | 低 |
| 0BSD | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| caniuse-lite | 1.0.30001563 | 间接依赖 | npm |
| parent-module | 1.0.1 | 间接依赖 | npm |
| @babel/helpers | 7.23.4 | 间接依赖 | npm |
| vite | 5.0.2 | 间接依赖 | npm |
| source-map | 0.5.6 | 间接依赖 | npm |
| error-ex | 1.3.2 | 间接依赖 | npm |
| gensync | 1.0.0-beta.2 | 间接依赖 | npm |
| @svgr/babel-plugin-svg-dynamic-title | 8.0.0 | 间接依赖 | npm |
| @svgr/babel-plugin-transform-react-native-svg | 8.1.0 | 间接依赖 | npm |
| picomatch | 2.3.1 | 间接依赖 | npm |
| resolve-from | 4.0.0 | 间接依赖 | npm |
| import-fresh | 3.3.0 | 间接依赖 | npm |
| react-universal-interface | 0.6.2 | 间接依赖 | npm |
| @babel/helper-split-export-declaration | 7.22.6 | 间接依赖 | npm |
| @babel/traverse | 7.23.4 | 间接依赖 | npm |
| to-fast-properties | 2.0.0 | 间接依赖 | npm |
| nanoid | 3.3.7 | 间接依赖 | npm |
| lie | 3.1.1 | 间接依赖 | npm |
| source-map | 0.6.1 | 间接依赖 | npm |
| isobject | 3.0.1 | 间接依赖 | npm |
| escape-string-regexp | 4.0.0 | 间接依赖 | npm |
| update-browserslist-db | 1.0.13 | 间接依赖 | npm |
| json-parse-even-better-errors | 2.3.1 | 间接依赖 | npm |
| yallist | 4.0.0 | 间接依赖 | npm |
| color-name | 1.1.4 | 间接依赖 | npm |
| snake-case | 3.0.4 | 间接依赖 | npm |
| @babel/helper-validator-identifier | 7.22.20 | 间接依赖 | npm |
| fastest-stable-stringify | 2.0.2 | 间接依赖 | npm |
| @babel/helper-module-transforms | 7.23.3 | 间接依赖 | npm |
| json5 | 2.2.3 | 间接依赖 | npm |
| toggle-selection | 1.0.6 | 间接依赖 | npm |
| typescript | 4.4.4 | 间接依赖 | npm |
| cosmiconfig | 8.3.6 | 间接依赖 | npm |
| postcss | 8.4.31 | 间接依赖 | npm |
| jsesc | 2.5.2 | 间接依赖 | npm |
| supports-color | 7.2.0 | 间接依赖 | npm |
| stackframe | 1.2.0 | 间接依赖 | npm |
| regenerator-runtime | 0.14.0 | 间接依赖 | npm |
| @babel/runtime | 7.23.2 | 间接依赖 | npm |
| @babel/helper-simple-access | 7.22.5 | 间接依赖 | npm |
| opencv-ts | 1.3.6 | 间接依赖 | npm |
| css-tree | 1.1.3 | 间接依赖 | npm |
| ms | 2.1.2 | 间接依赖 | npm |
| @babel/generator | 7.23.4 | 间接依赖 | npm |
| @svgr/babel-preset | 8.1.0 | 间接依赖 | npm |
| picocolors | 1.0.0 | 间接依赖 | npm |
| semver | 6.3.1 | 间接依赖 | npm |
| throttle-debounce | 3.0.1 | 间接依赖 | npm |
| chalk | 2.4.2 | 间接依赖 | npm |
| error-stack-parser | 2.0.6 | 间接依赖 | npm |
| nano-css | 5.3.4 | 间接依赖 | npm |
| path-type | 4.0.0 | 间接依赖 | npm |
| @babel/helper-validator-option | 7.22.15 | 间接依赖 | npm |
| @babel/template | 7.22.15 | 间接依赖 | npm |
| fast-shallow-equal | 1.0.0 | 间接依赖 | npm |
| resize-observer-polyfill | 1.5.1 | 间接依赖 | npm |
| @babel/highlight | 7.23.4 | 间接依赖 | npm |
| @svgr/babel-plugin-remove-jsx-attribute | 8.0.0 | 间接依赖 | npm |
| rollup | 4.5.2 | 间接依赖 | npm |
| @babel/helper-environment-visitor | 7.22.20 | 间接依赖 | npm |
| react-zoom-pan-pinch | 3.3.0 | 间接依赖 | npm |
| @svgr/hast-util-to-babel-ast | 8.0.0 | 间接依赖 | npm |
| immediate | 3.0.6 | 间接依赖 | npm |
| @jridgewell/gen-mapping | 0.3.3 | 间接依赖 | npm |
| tsconfck | 2.1.2 | 间接依赖 | npm |
| object-assign | 4.1.1 | 间接依赖 | npm |
| @svgr/babel-plugin-add-jsx-attribute | 8.0.0 | 间接依赖 | npm |
| ts-easing | 0.2.0 | 间接依赖 | npm |
| lru-cache | 5.1.1 | 间接依赖 | npm |
| @types/json-schema | 7.0.9 | 间接依赖 | npm |
| argparse | 1.0.10 | 间接依赖 | npm |
| mdn-data | 2.0.14 | 间接依赖 | npm |
| lower-case | 2.0.2 | 间接依赖 | npm |
| sprintf-js | 1.0.3 | 间接依赖 | npm |
| @babel/helper-module-imports | 7.22.15 | 间接依赖 | npm |
| @swc/counter | 0.1.2 | 间接依赖 | npm |
| @babel/core | 7.23.3 | 间接依赖 | npm |
| globrex | 0.1.2 | 间接依赖 | npm |
| @rollup/pluginutils | 5.0.5 | 间接依赖 | npm |
| @babel/code-frame | 7.23.4 | 间接依赖 | npm |
| dot-case | 3.0.4 | 间接依赖 | npm |
| stack-generator | 2.0.5 | 间接依赖 | npm |
| camelcase | 6.3.0 | 间接依赖 | npm |
| copy-to-clipboard | 3.3.1 | 间接依赖 | npm |
| is-arrayish | 0.2.1 | 间接依赖 | npm |
| ansi-styles | 4.3.0 | 间接依赖 | npm |
| @vitejs/plugin-react-swc | 3.5.0 | 间接依赖 | npm |
| entities | 4.5.0 | 间接依赖 | npm |
| vite-plugin-eslint | 1.8.1 | 间接依赖 | npm |
| react-dom | 17.0.2 | 间接依赖 | npm |
| vite-plugin-svgr | 4.2.0 | 间接依赖 | npm |
| @svgr/plugin-jsx | 8.1.0 | 间接依赖 | npm |
| tslib | 2.3.1 | 间接依赖 | npm |
| @svgr/babel-plugin-transform-svg-component | 8.0.0 | 间接依赖 | npm |
| browserslist | 4.22.1 | 间接依赖 | npm |
| hyphenate-style-name | 1.0.4 | 间接依赖 | npm |
| esbuild | 0.19.7 | 间接依赖 | npm |
| @babel/compat-data | 7.23.3 | 间接依赖 | npm |
| @swc/types | 0.1.5 | 间接依赖 | npm |
| @svgr/babel-plugin-svg-em-dimensions | 8.0.0 | 间接依赖 | npm |
| inline-style-prefixer | 6.0.1 | 间接依赖 | npm |
| @ampproject/remapping | 2.2.1 | 间接依赖 | npm |
| @swc/core | 1.3.99 | 间接依赖 | npm |
| @jridgewell/trace-mapping | 0.3.20 | 间接依赖 | npm |
| js-yaml | 3.14.1 | 间接依赖 | npm |
| @babel/helper-function-name | 7.23.0 | 间接依赖 | npm |
| localforage | 1.10.0 | 间接依赖 | npm |
| @types/eslint | 8.44.7 | 间接依赖 | npm |
| source-map-js | 1.0.2 | 间接依赖 | npm |
| @types/js-cookie | 2.2.7 | 间接依赖 | npm |
| rtl-css-js | 1.14.2 | 间接依赖 | npm |
| @xobotyi/scrollbar-width | 1.9.5 | 间接依赖 | npm |
| estree-walker | 2.0.2 | 间接依赖 | npm |
| react-use | 17.3.1 | 间接依赖 | npm |
| @heroicons/react | 1.0.4 | 间接依赖 | npm |
| callsites | 3.1.0 | 间接依赖 | npm |
| @babel/parser | 7.23.4 | 间接依赖 | npm |
| @rollup/pluginutils | 4.2.1 | 间接依赖 | npm |
| stylis | 4.0.10 | 间接依赖 | npm |
| @types/estree | 1.0.5 | 间接依赖 | npm |
| @babel/types | 7.23.4 | 间接依赖 | npm |
| @babel/helper-string-parser | 7.23.4 | 间接依赖 | npm |
| esprima | 4.0.1 | 间接依赖 | npm |
| js-tokens | 4.0.0 | 间接依赖 | npm |
| globals | 11.12.0 | 间接依赖 | npm |
| debug | 4.3.4 | 间接依赖 | npm |
| node-releases | 2.0.13 | 间接依赖 | npm |
| electron-to-chromium | 1.4.588 | 间接依赖 | npm |
| @jridgewell/resolve-uri | 3.1.1 | 间接依赖 | npm |
| @babel/helper-compilation-targets | 7.22.15 | 间接依赖 | npm |
| js-cookie | 2.2.1 | 间接依赖 | npm |
| @svgr/core | 8.1.0 | 间接依赖 | npm |
| sourcemap-codec | 1.4.8 | 间接依赖 | npm |
| escalade | 3.1.1 | 间接依赖 | npm |
| css-in-js-utils | 2.0.1 | 间接依赖 | npm |
| loose-envify | 1.4.0 | 间接依赖 | npm |
| csstype | 3.0.9 | 间接依赖 | npm |
| @svgr/babel-plugin-replace-jsx-attribute-value | 8.0.0 | 间接依赖 | npm |
| screenfull | 5.1.0 | 间接依赖 | npm |
| set-harmonic-interval | 1.0.1 | 间接依赖 | npm |
| fast-deep-equal | 3.1.3 | 间接依赖 | npm |
| @jridgewell/set-array | 1.1.2 | 间接依赖 | npm |
| parse-json | 5.2.0 | 间接依赖 | npm |
| @jridgewell/sourcemap-codec | 1.4.15 | 间接依赖 | npm |
| lines-and-columns | 1.1.6 | 间接依赖 | npm |
| vite-tsconfig-paths | 4.2.1 | 间接依赖 | npm |
| has-flag | 4.0.0 | 间接依赖 | npm |
| svg-parser | 2.0.4 | 间接依赖 | npm |
| rollup | 2.79.1 | 间接依赖 | npm |
| react | 17.0.2 | 间接依赖 | npm |
| @babel/helper-hoist-variables | 7.22.5 | 间接依赖 | npm |
| stacktrace-gps | 3.0.4 | 间接依赖 | npm |
| stacktrace-js | 2.0.2 | 间接依赖 | npm |
| no-case | 3.0.4 | 间接依赖 | npm |
| convert-source-map | 2.0.0 | 间接依赖 | npm |
| @svgr/babel-plugin-remove-jsx-empty-expression | 8.0.0 | 间接依赖 | npm |
| color-convert | 2.0.1 | 间接依赖 | npm |
| scheduler | 0.20.2 | 间接依赖 | npm |