Basic information
Project name: GEM-benchmark/NL-Augmenter
Repository URL: https://github.com/pterodactyl/panel
Scan report URL: https://www.murphysec.com/console/report/1721219126969569280/1730971477509365760
This report is provided by Murphysec
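Vulnerability list
| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
|---|---|---|---|---|
| nltk code issue vulnerability | Insufficient comparison | MPS-2021-32390 | CVE-2021-3828 | High |
| nltk security vulnerability | ReDoS | MPS-2021-32644 | CVE-2021-3842 | High |
| Natural Language Toolkit resource management error vulnerability | Denial of service | MPS-2021-36979 | CVE-2021-43854 | High |
| dateparser denial-of-service vulnerability | Denial of service | MPS-2022-14825 | | Low |
| Python security vulnerability | ReDoS | MPS-2022-57238 | CVE-2022-40897 | Medium |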
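Defective components
| Component name | Version | Minimum fixed version | Dependency relationship | Fix recommendation |
|---|---|---|---|---|
| nltk | 3.6.2 | 3.6.6 | Indirect dependency | Fix recommended |
| setuptools | 59.7.0 | 65.5.1 | Indirect dependency | Fix optional |
| dateparser | 1.1.1 | | Indirect dependency | Fix optional |
| transformers | 4.6.1 | 4.30.0 | Indirect dependency | |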
License risk
| License type | Related components | License risk |
|---|---|---|
| MIT | 22 | Low |
| Custom license | 12 | Low |
| Apache-2.0 | 7 | Low |
| BSD-3-Clause | 1 | Low |
SBOM list
| Component name | Component version | Direct dependency? | Repository |
|---|---|---|---|
| jellyfish | 0.8.2 | Indirect dependency | pip |
| Any | | Indirect dependency | pip |
| stopwords | | Indirect dependency | pip |
| transliterate | | Indirect dependency | pip |
| num2words | 0.5.10 | Indirect dependency | pip |
| spacytextblob | 3.0.1 | Indirect dependency | pip |
| tesserocr | 2.5.2 | Indirect dependency | pip |
| TextLineDataset | | Indirect dependency | pip |
| spacy | 3.0.0 | Indirect dependency | pip |
| glove | | Indirect dependency | pip |
| lemminflect | 0.2.2 | Indirect dependency | pip |
| ftfy | 6.0.3 | Indirect dependency | pip |
| SoundsLike | 0.0.11 | Indirect dependency | pip |
| OpenCC | 1.1.2 | Indirect dependency | pip |
| mlconjug | 3.4.0 | Indirect dependency | pip |
| dateparser | 1.1.1 | Indirect dependency | pip |
| pyinflect | 0.5.1 | Indirect dependency | pip |
| CurrencyRates | | Indirect dependency | pip |
| g2pM | 0.1.2.5 | Indirect dependency | pip |
| Union | | Indirect dependency | pip |
| forex-python | 1.6 | Indirect dependency | pip |
| GPT2LMHeadModel | | Indirect dependency | pip |
| black | 21.5b2 | Indirect dependency | pip |
| Babel | 2.9.1 | Indirect dependency | pip |
| sacrebleu | 1.5.1 | Indirect dependency | pip |
| map_filter | | Indirect dependency | pip |
| PAST | | Indirect dependency | pip |
| LefffLemmatizer | | Indirect dependency | pip |
| setup | | Indirect dependency | pip |
| phonenumbers | 8.12.25 | Indirect dependency | pip |
| flake8 | 3.9.2 | Indirect dependency | pip |
| get_alphabets | | Indirect dependency | pip |
| Dict | | Indirect dependency | pip |
| nlaugmenter | | Indirect dependency | pip |
| pypinyin | 0.42.0 | Indirect dependency | pip |
| pytest-cov | 2.12.1 | Indirect dependency | pip |
| Unidecode | 1.2.0 | Indirect dependency | pip |
| map_transformation | | Indirect dependency | pip |
| jieba | 0.42.1 | Indirect dependency | pip |
| Callable | | Indirect dependency | pip |
| transformers | 4.6.1 | Indirect dependency | pip |
| editdistance | 0.5.3 | Indirect dependency | pip |
| fastpunct | 2.0.2 | Indirect dependency | pip |
| pattern3 | 3.0.0 | Indirect dependency | pip |
| pre-commit | 2.13.0 | Indirect dependency | pip |
| word2number | 1.1 | Indirect dependency | pip |
| POSTagger | | Indirect dependency | pip |
| PSM | | Indirect dependency | pip |
| find_packages | | Indirect dependency | pip |
| sentencepiece | 0.1.95 | Indirect dependency | pip |
| M2M100ForConditionalGeneration | | Indirect dependency | pip |
| GPT2Tokenizer | | Indirect dependency | pip |
| get_implementation | | Indirect dependency | pip |
| T5Tokenizer | | Indirect dependency | pip |
| AutoTokenizer | | Indirect dependency | pip |
| OperationRuns | | Indirect dependency | pip |
| nltk | 3.6.2 | Indirect dependency | pip |
| allennlp-models | 2.5.0 | Indirect dependency | pip |
| wordnet | | Indirect dependency | pip |
| Tuple | | Indirect dependency | pip |
| docopt | 0.6.2 | Indirect dependency | pip |
| OEM | | Indirect dependency | pip |
| spacy_nlp | | Indirect dependency | pip |
| detoxify | 0.2.2 | Indirect dependency | pip |
| AutoModel | | Indirect dependency | pip |
| benepar | 0.2.0 | Indirect dependency | pip |
| pronouncing | 0.2.0 | Indirect dependency | pip |
| textblob_fr | 0.2.0 | Indirect dependency | pip |
| sibyl_tool | 0.1.2 | Indirect dependency | pip |
| allennlp | 2.5.0 | Indirect dependency | pip |
| pandas | 1.2.0 | Indirect dependency | pip |
| T5ForConditionalGeneration | | Indirect dependency | pip |
| trdg | 1.6.0 | Indirect dependency | pip |
| RatesNotAvailableError | | Indirect dependency | pip |
| ftlid | 0.1.2 | Indirect dependency | pip |
| datasets | 1.7.0 | Indirect dependency | pip |
| KeyValueDataset | | Indirect dependency | pip |
| inflect | 5.3.0 | Indirect dependency | pip |
| setuptools | 59.7.0 | Indirect dependency | pip |
| BartTokenizer | | Indirect dependency | pip |
| List | | Indirect dependency | pip |
| nlpcda | 2.5.8 | Indirect dependency | pip |
| FSMTTokenizer | | Indirect dependency | pip |
| gender-extractor | 0.1.3 | Indirect dependency | pip |
| BartForConditionalGeneration | | Indirect dependency | pip |
| FSMTForConditionalGeneration | | Indirect dependency | pip |
| langid | 1.1.6 | Indirect dependency | pip |
| Optional | | Indirect dependency | pip |
| pytest | 6.2.4 | Indirect dependency | pip |
| cucco | 2.2.1 | Indirect dependency | pip |
| PLURAL | | Indirect dependency | pip |
| torchtext | 0.10.1 | Indirect dependency | pip |
| seqeval | 1.2.2 | Indirect dependency | pip |
| spacy-lefff | 0.4.0 | Indirect dependency | pip |
| isort | 5.9.1 | Indirect dependency | pip |
| M2M100Tokenizer | | Indirect dependency | pip |