metabrainz/listenbrainz-server 软件分析报告

基础信息

项目名称:metabrainz/listenbrainz-server

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1751866085351895040/1751866102024253440

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
NumPy 代码问题漏洞 空指针取消引用 MPS-2021-32278 CVE-2021-41495 中危
UltraJSON 安全漏洞 越界写入 MPS-2021-40089 CVE-2021-45958 中危
clean-css 拒绝服务 MPS-2022-12865 低危
msgpack 存在拒绝服务漏洞 拒绝服务 MPS-2022-14994 中危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
numpy 1.24.1 间接依赖 可选修复
clean-css 3.4.28 4.1.11 间接依赖 可选修复
ujson 5.4.0 间接依赖 可选修复
msgpack 0.5.6 0.6.0 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
Apache-2.0 12
BSD-3-Clause 38
BSD 1
MIT 199
自定义许可证 18
GPL-2.0 1
Apache-2.0 OR MIT 1
ISC 4
Unlicense 1
LGPL-2.1 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
python-dateutil 2.8.2 间接依赖 pip
Jinja2 3.1.3 间接依赖 pip
css-mediaquery 0.1.2 间接依赖 npm
uuid 7.0.3 间接依赖 npm
join_room 间接依赖 pip
countryinfo 0.1.2 间接依赖 pip
debounce-async 0.0.2 间接依赖 npm
@nivo/bar 0.81.0 间接依赖 npm
Werkzeug 3.0.1 间接依赖 pip
url_for 间接依赖 pip
load-script 1.0.0 间接依赖 npm
HTTPAdapter 间接依赖 pip
react-sortablejs 6.1.4 间接依赖 npm
zstandard 0.21.0 间接依赖 pip
react-fit 1.4.0 间接依赖 npm
config 间接依赖 pip
Iterator 间接依赖 pip
babel-runtime 6.26.0 间接依赖 npm
uWSGI 2.0.23 间接依赖 pip
sleep 间接依赖 pip
lodash.debounce 4.0.8 间接依赖 npm
performance-now 2.1.0 间接依赖 npm
@babel/types 7.23.0 间接依赖 npm
react-dom 18.2.0 间接依赖 npm
listenbrainz 间接依赖 pip
orjson 3.8.7 间接依赖 pip
typesense 0.14.0 间接依赖 pip
supports-preserve-symlinks-flag 1.0.0 间接依赖 npm
@sentry/tracing 7.17.4 间接依赖 npm
prepare_query 间接依赖 pip
DumpInvalidException 间接依赖 pip
pyarrow 14.0.1 间接依赖 pip
@types/prop-types 15.7.3 间接依赖 npm
d3-time 1.1.0 间接依赖 npm
google-auth 1.30.0 间接依赖 pip
more-itertools 8.8.0 间接依赖 pip
find-root 1.1.0 间接依赖 npm
less-plugin-clean-css 1.5.1 间接依赖 npm
loose-envify 1.4.0 间接依赖 npm
SQL 间接依赖 pip
DictCursor 间接依赖 pip
MusicBrainzEntityMetadataCache 间接依赖 pip
dom7 4.0.4 间接依赖 npm
coverage 6.3.2 间接依赖 pip
dnspython 2.2.1 间接依赖 pip
clsx 1.2.1 间接依赖 npm
safe-buffer 5.1.2 间接依赖 npm
d3-time 2.1.1 间接依赖 npm
@emotion/sheet 1.2.2 间接依赖 npm
to-fast-properties 2.0.0 间接依赖 npm
request 间接依赖 pip
@types/react 18.0.25 间接依赖 npm
has 1.0.3 间接依赖 npm
timescale_connection 间接依赖 pip
hoist-non-react-statics 3.3.2 间接依赖 npm
d3-scale-chromatic 3.0.0 间接依赖 npm
jest-mock 25.2.3 间接依赖 npm
@babel/code-frame 7.22.13 间接依赖 npm
@types/yargs-parser 15.0.0 间接依赖 npm
color-name 1.1.3 间接依赖 npm
fetch_track_metadata_for_items 间接依赖 pip
highlight.js 11.7.0 间接依赖 npm
react-lazy-load-image-component 1.5.6 间接依赖 npm
html2canvas 1.4.1 间接依赖 npm
humanize-duration 3.31.0 间接依赖 npm
Thread 间接依赖 pip
template_rendered 间接依赖 pip
Flask 3.0.0 间接依赖 pip
@nivo/scales 0.81.0 间接依赖 npm
./docs/requirements.txt 间接依赖 pip
@floating-ui/dom 1.4.5 间接依赖 npm
d3-color 3.1.0 间接依赖 npm
pandas 1.5.3 间接依赖 pip
path-type 4.0.0 间接依赖 npm
@nivo/tooltip 0.81.0 间接依赖 npm
classnames 2.3.1 间接依赖 npm
parse-node-version 1.0.1 间接依赖 npm
stylis 4.2.0 间接依赖 npm
@types/react-datetime-picker 3.4.1 间接依赖 npm
delete_all_couch_databases 间接依赖 pip
d3-time-format 3.0.0 间接依赖 npm
stats 间接依赖 pip
COLLECTION_NAME_WITHOUT_RELEASE 间接依赖 pip
Album 间接依赖 pip
SQLContext 间接依赖 pip
@emotion/memoize 0.8.1 间接依赖 npm
PyYAML 6.0 间接依赖 pip
BytesIO 间接依赖 pip
rgbcolor 1.0.1 间接依赖 npm
spotipy 2.22.1 间接依赖 pip
flask 间接依赖 pip
memoize-one 6.0.0 间接依赖 npm
requests-mock 1.9.3 间接依赖 pip
SparkSessionNotInitializedException 间接依赖 pip
@emotion/unitless 0.8.1 间接依赖 npm
Literal 间接依赖 pip
@fortawesome/react-fontawesome 0.2.0 间接依赖 npm
react-responsive 8.1.0 间接依赖 npm
@react-spring/core 9.7.3 间接依赖 npm
sqlalchemy 间接依赖 pip
freezegun 1.2.0 间接依赖 pip
Artist 间接依赖 pip
matchmediaquery 0.3.1 间接依赖 npm
UUID 间接依赖 pip
@jcoreio/async-throttle 1.6.0 间接依赖 npm
ssr-window 4.0.2 间接依赖 npm
TOKEN_EXPIRATION_TIME 间接依赖 pip
@nivo/network 0.81.0 间接依赖 npm
msgpack 0.5.6 间接依赖 pip
lodash.memoize 4.1.2 间接依赖 npm
resolve-from 4.0.0 间接依赖 npm
patch 间接依赖 pip
SparkNewTestCase 间接依赖 pip
@nivo/colors 0.81.0 间接依赖 npm
g 间接依赖 pip
Flask-SocketIO 5.3.6 间接依赖 pip
@types/react-calendar 3.1.4 间接依赖 npm
@nivo/core 0.81.0 间接依赖 npm
tiny-warning 1.0.3 间接依赖 npm
redis_connection 间接依赖 pip
@types/istanbul-lib-coverage 2.0.1 间接依赖 npm
d3-format 1.4.4 间接依赖 npm
ujson 5.4.0 间接依赖 pip
Listen 间接依赖 pip
get_ident 间接依赖 pip
@socket.io/component-emitter 3.1.0 间接依赖 npm
Sphinx 5.0.2 间接依赖 pip
regenerator-runtime 0.14.0 间接依赖 npm
detect-element-overflow 1.2.0 间接依赖 npm
commander 2.8.1 间接依赖 npm
escape-string-regexp 1.0.5 间接依赖 npm
Exchange 间接依赖 pip
Blueprint 间接依赖 pip
dom-helpers 5.2.1 间接依赖 npm
requirements_spark.txt 间接依赖 pip
numpy 1.24.1 间接依赖 pip
@jest/types 25.2.3 间接依赖 npm
brainzutils 间接依赖 pip
@ebay/nice-modal-react 1.2.9 间接依赖 npm
Union 间接依赖 pip
react-youtube 7.12.0 间接依赖 npm
supports-color 5.5.0 间接依赖 npm
pycurl 7.45.2 间接依赖 pip
less 4.1.1 间接依赖 npm
copy-anything 2.0.3 间接依赖 npm
csstype 3.1.2 间接依赖 npm
react-transition-group 4.4.5 间接依赖 npm
ListenBrainzFTPDownloader 间接依赖 pip
react-is 16.13.1 间接依赖 npm
error-ex 1.3.2 间接依赖 npm
lodash 4.17.21 间接依赖 npm
@nivo/heatmap 0.81.0 间接依赖 npm
SQLAlchemy 2.0.23 间接依赖 pip
date 间接依赖 pip
tslib 1.11.1 间接依赖 npm
d3-scale-chromatic 2.0.0 间接依赖 npm
MsidMbidModel 间接依赖 pip
APINoContent 间接依赖 pip
yaml 1.10.0 间接依赖 npm
d3-path 1.0.9 间接依赖 npm
couchdb 间接依赖 pip
pyspark 间接依赖 pip
@nivo/annotations 0.81.0 间接依赖 npm
timezone 间接依赖 pip
@react-spring/animated 9.7.3 间接依赖 npm
PinnedRecording 间接依赖 pip
MATCH_TYPES 间接依赖 pip
react-calendar 4.0.0 间接依赖 npm
bleach 5.0.0 间接依赖 pip
@sentry/core 7.17.4 间接依赖 npm
@braintree/sanitize-url 6.0.1 间接依赖 npm
make-event-props 1.2.0 间接依赖 npm
datasethoster 间接依赖 pip
psycopg2 间接依赖 pip
NowPlayingListen 间接依赖 pip
sphinx_rtd_theme 0.5.1 间接依赖 pip
SocketIO 间接依赖 pip
flask_admin 间接依赖 pip
socket.io-client 4.7.2 间接依赖 npm
click 7.1.2 间接依赖 pip
react-loader-spinner 3.1.14 间接依赖 npm
update-input-width 1.2.2 间接依赖 npm
Queue 间接依赖 pip
@react-spring/types 9.7.3 间接依赖 npm
function-bind 1.1.1 间接依赖 npm
more_itertools 间接依赖 pip
utils 间接依赖 pip
shallowequal 1.1.0 间接依赖 npm
Mock 间接依赖 pip
ExternalService 间接依赖 pip
engine.io-client 6.5.2 间接依赖 npm
lodash.throttle 4.1.1 间接依赖 npm
Environment 间接依赖 pip
source-map 0.5.7 间接依赖 npm
@babel/runtime 7.22.10 间接依赖 npm
@emotion/react 11.11.1 间接依赖 npm
rc-slider 10.1.0 间接依赖 npm
@sentry/utils 7.17.4 间接依赖 npm
core-js 3.26.1 间接依赖 npm
regenerator-runtime 0.11.1 间接依赖 npm
metrics 间接依赖 pip
APINotFound 间接依赖 pip
Identifier 间接依赖 pip
stackblur-canvas 2.5.0 间接依赖 npm
idb-keyval 6.2.1 间接依赖 npm
hyphenate-style-name 1.0.3 间接依赖 npm
ExternalServiceInvalidGrantError 间接依赖 pip
@types/parse-json 4.0.0 间接依赖 npm
is-arrayish 0.2.1 间接依赖 npm
fast-deep-equal 3.1.3 间接依赖 npm
resolve_redirect_mbids 间接依赖 pip
Flask-Admin 1.6.1 间接依赖 pip
@emotion/hash 0.9.1 间接依赖 npm
css-line-break 2.1.0 间接依赖 npm
@types/yargs 15.0.3 间接依赖 npm
docutils 0.17.1 间接依赖 pip
@nivo/calendar 0.81.0 间接依赖 npm
pycountry 22.3.5 间接依赖 pip
react-simple-star-rating 4.0.0 间接依赖 npm
StringIO 间接依赖 pip
@emotion/utils 1.2.1 间接依赖 npm
time-ago 0.2.1 间接依赖 npm
@sentry/react 7.17.4 间接依赖 npm
json-parse-even-better-errors 2.3.1 间接依赖 npm
socket.io-parser 4.2.4 间接依赖 npm
dompurify 2.2.6 间接依赖 npm
SparkSession 间接依赖 pip
chalk 2.4.2 间接依赖 npm
flask-shell-ipython 0.4.1 间接依赖 pip
@sentry/types 7.17.4 间接依赖 npm
markupsafe 间接依赖 pip
@fortawesome/free-regular-svg-icons 6.4.0 间接依赖 npm
@emotion/weak-memoize 0.3.1 间接依赖 npm
Flask-UUID 0.2 间接依赖 pip
current_app 间接依赖 pip
is-what 3.14.1 间接依赖 npm
pydantic 间接依赖 pip
TimescaleTestCase 间接依赖 pip
debug 4.3.4 间接依赖 npm
xmlhttprequest-ssl 2.1.1 间接依赖 npm
sortablejs 1.12.0 间接依赖 npm
react-toastify 8.2.0 间接依赖 npm
Tuple 间接依赖 pip
pytest 7.1.0 间接依赖 pip
panzoom 9.4.3 间接依赖 npm
d3-force 2.1.1 间接依赖 npm
react-datetime-picker 4.2.0 间接依赖 npm
@nivo/legends 0.81.0 间接依赖 npm
engine.io-parser 5.2.1 间接依赖 npm
clean-css 3.4.28 间接依赖 npm
file-saver 2.0.5 间接依赖 npm
tiny-invariant 1.2.0 间接依赖 npm
unidecode 1.3.4 间接依赖 pip
react-clock 4.0.0 间接依赖 npm
debug 2.6.9 间接依赖 npm
ColorCube 间接依赖 pip
TEST_DATA_PATH 间接依赖 pip
@react-spring/shared 9.7.3 间接依赖 npm
react-date-picker 9.2.0 间接依赖 npm
get-user-locale 1.5.1 间接依赖 npm
Retry 间接依赖 pip
react-tooltip 4.2.21 间接依赖 npm
requirements.txt 间接依赖 pip
tinycolor2 1.4.2 间接依赖 npm
use-isomorphic-layout-effect 1.1.2 间接依赖 npm
FileSystemLoader 间接依赖 pip
rc-util 5.25.2 间接依赖 npm
@react-spring/web 9.7.3 间接依赖 npm
wheel 1.0.0 间接依赖 npm
@emotion/cache 11.11.0 间接依赖 npm
@emotion/babel-plugin 11.11.0 间接依赖 npm
flask_sqlalchemy 间接依赖 pip
ColorResult 间接依赖 pip
@sentry/browser 7.17.4 间接依赖 npm
@emotion/use-insertion-effect-with-fallbacks 1.0.1 间接依赖 npm
listenbrainz_spark 间接依赖 pip
he 1.2.0 间接依赖 npm
parse-json 5.2.0 间接依赖 npm
escape-string-regexp 4.0.0 间接依赖 npm
core-js 2.6.11 间接依赖 npm
js-tokens 4.0.0 间接依赖 npm
MATCH_TYPE_NO_MATCH 间接依赖 pip
incremental_update_metadata_cache 间接依赖 pip
sphinxcontrib-httpdomain 1.8.1 间接依赖 pip
import-fresh 3.2.1 间接依赖 npm
message_flashed 间接依赖 pip
ArtistMetadata 间接依赖 pip
resolve 1.22.1 间接依赖 npm
urllib3 1.26.18 间接依赖 pip
amator 1.1.0 间接依赖 npm
path 间接依赖 pip
external-svg-loader 1.6.10 间接依赖 npm
psycopg2-binary 2.8.6 间接依赖 pip
react 18.2.0 间接依赖 npm
react-lifecycles-compat 3.0.4 间接依赖 npm
@fortawesome/free-solid-svg-icons 6.4.0 间接依赖 npm
PlaylistRecording 间接依赖 pip
ms 2.1.2 间接依赖 npm
@floating-ui/core 1.3.1 间接依赖 npm
graceful-readlink 1.0.1 间接依赖 npm
react-draggable 4.4.5 间接依赖 npm
@babel/highlight 7.22.20 间接依赖 npm
fetch-retry 5.0.3 间接依赖 npm
@fortawesome/fontawesome-svg-core 6.4.0 间接依赖 npm
d3-shape 1.3.7 间接依赖 npm
babel-plugin-macros 3.1.0 间接依赖 npm
ngraph.events 1.2.2 间接依赖 npm
has-flag 3.0.0 间接依赖 npm
pytest-subtests 0.8.0 间接依赖 pip
@types/istanbul-reports 1.1.1 间接依赖 npm
Dict 间接依赖 pip
execute_values 间接依赖 pip
utrie 1.0.2 间接依赖 npm
timescale_fill_userid 间接依赖 pip
ws 8.11.0 间接依赖 npm
d3-array 1.2.4 间接依赖 npm
NotFound 间接依赖 pip
hdfs_connection 间接依赖 pip
@nivo/axes 0.81.0 间接依赖 npm
callsites 3.1.0 间接依赖 npm
color-convert 1.9.3 间接依赖 npm
youtube-player 5.5.2 间接依赖 npm
react-time-picker 5.2.0 间接依赖 npm
MarkupSafe 2.0.1 间接依赖 pip
google_auth_oauthlib 0.4.4 间接依赖 pip
WritablePinnedRecording 间接依赖 pip
insert_test_stats 间接依赖 pip
kombu 5.1.0 间接依赖 pip
cache 间接依赖 pip
base64-arraybuffer 1.0.2 间接依赖 npm
sister 3.0.2 间接依赖 npm
sqlalchemy-dst 1.0.1 间接依赖 pip
resolve_canonical_mbids 间接依赖 pip
@nivo/recompose 0.81.0 间接依赖 npm
jsonify 间接依赖 pip
svg-pathdata 6.0.3 间接依赖 npm
d3-scale 3.3.0 间接依赖 npm
List 间接依赖 pip
schema 间接依赖 pip
tqdm 4.66.1 间接依赖 pip
mock_open 间接依赖 pip
DumpType 间接依赖 pip
path-parse 1.0.7 间接依赖 npm
timedelta 间接依赖 pip
@wojtekmaj/date-utils 1.0.3 间接依赖 npm
timescale_listens_migrate 间接依赖 pip
create_metadata_cache 间接依赖 pip
bezier-easing 2.1.0 间接依赖 npm
@emotion/serialize 1.1.2 间接依赖 npm
canvg 4.0.1 间接依赖 npm
text-segmentation 1.0.3 间接依赖 npm
ARTIST_LINK_GIDS_SQL 间接依赖 pip
render_template 间接依赖 pip
BadRequest 间接依赖 pip
d3-interpolate 2.0.1 间接依赖 npm
object-assign 4.1.1 间接依赖 npm
Levenshtein 0.20.8 间接依赖 pip
scheduler 0.23.0 间接依赖 npm
@babel/helper-module-imports 7.18.6 间接依赖 npm
nose 1.3.7 间接依赖 pip
StructType 间接依赖 pip
@babel/helper-validator-identifier 7.22.20 间接依赖 npm
cosmiconfig 7.1.0 间接依赖 npm
ansi-styles 3.2.1 间接依赖 npm
@babel/helper-string-parser 7.22.5 间接依赖 npm
@nivo/geo 0.81.0 间接依赖 npm
d3-quadtree 2.0.0 间接依赖 npm
d3-dispatch 2.0.0 间接依赖 npm
PERSISTENT_DELIVERY_MODE 间接依赖 pip
DatabaseTestCase 间接依赖 pip
prop-types 15.7.2 间接依赖 npm
d3-geo 1.12.1 间接依赖 npm
pytest-cov 3.0.0 间接依赖 pip
swiper 8.4.4 间接依赖 npm
requests 2.31.0 间接依赖 pip
monotonic 间接依赖 pip
Optional 间接依赖 pip
@types/scheduler 0.16.2 间接依赖 npm
prop-types 15.8.1 间接依赖 npm
Playlist 间接依赖 pip
@fortawesome/fontawesome-common-types 6.4.0 间接依赖 npm
MagicMock 间接依赖 pip
sphinx-click 4.3.0 间接依赖 pip
@types/react-transition-group 4.4.6 间接依赖 npm
lines-and-columns 1.1.6 间接依赖 npm
d3-timer 2.0.0 间接依赖 npm
itsdangerous 2.0.1 间接依赖 pip
mapping 间接依赖 pip
requirements_development.txt 间接依赖 pip
JSONB 间接依赖 pip
@types/offscreencanvas 2019.7.0 间接依赖 npm
parent-module 1.0.1 间接依赖 npm
@types/istanbul-lib-report 3.0.0 间接依赖 npm
Token 间接依赖 pip
convert-source-map 1.7.0 间接依赖 npm
StructField 间接依赖 pip
@fortawesome/free-brands-svg-icons 6.4.0 间接依赖 npm
@types/raf 3.4.0 间接依赖 npm
is-core-module 2.9.0 间接依赖 npm
Sequence 间接依赖 pip
react-select 5.7.4 间接依赖 npm
d3-array 2.3.3 间接依赖 npm
call 间接依赖 pip
shallow-equal 1.2.1 间接依赖 npm
RecordingMetadata 间接依赖 pip
@cospired/i18n-iso-languages 3.0.0 间接依赖 npm
raf 3.4.1 间接依赖 npm
(0)
上一篇 2024年1月29日
下一篇 2024年1月29日

相关推荐

  • mirego/accent 软件分析报告

    基础信息 项目名称:mirego/accent 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1744516936868864000/1744516936915001344 此报告由Murphysec提供 漏洞列表…

    软件分析 2024年1月9日
    0
  • aws/aws-sdk-js 软件分析报告

    基础信息 项目名称:aws/aws-sdk-js 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1727464218420006912/1727464218466144256 此报告由Murphysec提供 漏洞列…

    软件分析 2023年11月23日
    0
  • itouch2/SphereMenu 软件分析报告

    基础信息 项目名称:itouch2/SphereMenu 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718908933208932352/1718908933343150080 此报告由Murphysec提供…

    软件分析 2023年10月30日
    0
  • Y2Z/monolith 软件分析报告

    基础信息 项目名称:Y2Z/monolith 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1727198507276132352/1727198508156936192 此报告由Murphysec提供 漏洞列表 …

    软件分析 2023年11月22日
    0
  • 88250/wide 软件分析报告

    基础信息 项目名称:88250/wide 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1715477810012536832/1715477815851008000 此报告由Murphysec提供 漏洞列表 漏洞…

    软件分析 2023年10月23日
    0