基础信息
项目名称:TykTechnologies/tyk
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1754344981646442496/1754345112827494400
此报告由Murphysec提供
漏洞列表
暂无
缺陷组件
暂无
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 33 | 低 |
| MIT | 85 | 低 |
| Apache-2.0 | 43 | 低 |
| BSD-2-Clause | 9 | 低 |
| MPL-2.0 | 21 | 低 |
| LGPL-3.0 | 1 | 中 |
| 自定义许可证 | 1 | 低 |
| EPL-1.0 | 1 | 低 |
| 未知许可证 | 3 | 低 |
| ISC | 2 | 低 |
| BSD-2-Clause-Views | 2 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| google.golang.org/protobuf | v1.32.0 | 直接依赖 | go |
| github.com/ryanuber/go-glob | v1.0.0 | 间接依赖 | go |
| github.com/hashicorp/go-hclog | v1.5.0 | 间接依赖 | go |
| github.com/TykTechnologies/openid2go | v0.1.2 | 直接依赖 | go |
| github.com/tidwall/sjson | v1.0.4 | 间接依赖 | go |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20231120223509-83a465c0220f | 间接依赖 | go |
| github.com/pkg/errors | v0.9.1 | 间接依赖 | go |
| github.com/jcmturner/dnsutils/v2 | v2.0.0 | 间接依赖 | go |
| github.com/mitchellh/reflectwalk | v1.0.2 | 间接依赖 | go |
| github.com/huandu/xstrings | v1.3.3 | 间接依赖 | go |
| github.com/TykTechnologies/graphql-go-tools | v1.6.2-0.20240131151522-40a1ee2bbfc3 | 直接依赖 | go |
| github.com/xeipuuv/gojsonreference | v0.0.0-20180127040603-bd5ef7bd5415 | 间接依赖 | go |
| github.com/miekg/dns | v1.1.57 | 直接依赖 | go |
| gopkg.in/yaml.v3 | v3.0.1 | 直接依赖 | go |
| github.com/xhit/go-str2duration/v2 | v2.1.0 | 间接依赖 | go |
| github.com/andybalholm/brotli | v1.1.0 | 间接依赖 | go |
| github.com/Masterminds/sprig/v3 | v3.2.3 | 直接依赖 | go |
| github.com/eapache/go-xerial-snappy | v0.0.0-20230731223053-c322873962e3 | 间接依赖 | go |
| github.com/hashicorp/hcl | v1.0.0 | 间接依赖 | go |
| grpc | 间接依赖 | pip | |
| gopkg.in/xmlpath.v2 | v2.0.0-20150820204837-860cbeca3ebc | 直接依赖 | go |
| github.com/hashicorp/go-uuid | v1.0.3 | 间接依赖 | go |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc | v1.18.0 | 间接依赖 | go |
| github.com/TykTechnologies/goverify | v0.0.0-20220808203004-1486f89e7708 | 直接依赖 | go |
| github.com/newrelic/go-agent | v2.13.0+incompatible | 直接依赖 | go |
| github.com/rs/cors | v1.10.1 | 直接依赖 | go |
| github.com/mitchellh/go-homedir | v1.1.0 | 间接依赖 | go |
| github.com/gobwas/ws | v1.0.4 | 间接依赖 | go |
| github.com/TykTechnologies/circuitbreaker | v2.2.2+incompatible | 直接依赖 | go |
| gopkg.in/mgo.v2 | v2.0.0-20190816093944-a6b53ec6cb22 | 间接依赖 | go |
| github.com/go-openapi/swag | v0.22.4 | 间接依赖 | go |
| github.com/TykTechnologies/opentelemetry | v0.0.20 | 直接依赖 | go |
| github.com/asyncapi/spec-json-schemas/v2 | v2.14.0 | 间接依赖 | go |
| golang.org/x/time | v0.5.0 | 间接依赖 | go |
| go.uber.org/multierr | v1.11.0 | 间接依赖 | go |
| github.com/cenk/backoff | v2.2.1+incompatible | 直接依赖 | go |
| google.golang.org/grpc/examples | v0.0.0-20220317213542-f95b001a48df | 直接依赖 | go |
| github.com/go-logr/stdr | v1.2.2 | 间接依赖 | go |
| github.com/fatih/structs | v1.1.0 | 间接依赖 | go |
| github.com/Masterminds/goutils | v1.1.1 | 间接依赖 | go |
| github.com/kr/pretty | v0.3.1 | 间接依赖 | go |
| github.com/hashicorp/go-secure-stdlib/parseutil | v0.1.6 | 间接依赖 | go |
| github.com/gorilla/mux | v1.8.1 | 直接依赖 | go |
| gopkg.in/sourcemap.v1 | v1.0.5 | 间接依赖 | go |
| github.com/go-redis/redis/v8 | v8.11.5 | 间接依赖 | go |
| github.com/grpc-ecosystem/grpc-gateway/v2 | v2.16.0 | 间接依赖 | go |
| github.com/gocraft/health | v0.0.0-20170925182251-8675af27fef0 | 直接依赖 | go |
| github.com/akutz/memconn | v0.1.0 | 直接依赖 | go |
| github.com/spf13/afero | v1.11.0 | 直接依赖 | go |
| go.opentelemetry.io/otel/metric | v1.19.0 | 间接依赖 | go |
| github.com/eapache/queue | v1.1.0 | 间接依赖 | go |
| github.com/TykTechnologies/tyk | v1.9.2-0.20230606201232-e599d84bdfd1 | 直接依赖 | go |
| github.com/gorilla/websocket | v1.5.1 | 直接依赖 | go |
| github.com/ghodss/yaml | v1.0.0 | 间接依赖 | go |
| github.com/hashicorp/serf | v0.10.1 | 间接依赖 | go |
| github.com/robertkrimen/otto | v0.3.0 | 直接依赖 | go |
| github.com/TykTechnologies/murmur3 | v0.0.0-20230310161213-aad17efd5632 | 直接依赖 | go |
| github.com/TykTechnologies/drl | v0.0.0-20231218155806-88e4363884a2 | 直接依赖 | go |
| github.com/hashicorp/consul/api | v1.26.1 | 直接依赖 | go |
| github.com/golang/snappy | v0.0.4 | 间接依赖 | go |
| github.com/TykTechnologies/tyk-pump | v1.8.1-rc1.0.20231030094653-9984a1ee29ee | 直接依赖 | go |
| github.com/spf13/cast | v1.6.0 | 间接依赖 | go |
| golang.org/x/sync | v0.6.0 | 直接依赖 | go |
| github.com/hashicorp/golang-lru | v0.5.4 | 间接依赖 | go |
| github.com/valyala/fasthttp | v1.51.0 | 直接依赖 | go |
| google.golang.org/grpc | v1.61.0-dev | 直接依赖 | go |
| github.com/sirupsen/logrus | v1.9.3 | 直接依赖 | go |
| github.com/peterbourgon/g2s | v0.0.0-20170223122336-d4e7ad98afea | 间接依赖 | go |
| github.com/Masterminds/sprig | v2.22.0+incompatible | 间接依赖 | go |
| github.com/asyncapi/parser-go | v0.4.2 | 间接依赖 | go |
| go.opentelemetry.io/proto/otlp | v1.0.0 | 间接依赖 | go |
| github.com/josharian/intern | v1.0.0 | 间接依赖 | go |
| github.com/go-openapi/jsonpointer | v0.19.6 | 间接依赖 | go |
| github.com/pierrec/lz4/v4 | v4.1.18 | 间接依赖 | go |
| github.com/r3labs/sse/v2 | v2.8.1 | 间接依赖 | go |
| nhooyr.io/websocket | v1.8.10 | 间接依赖 | go |
| github.com/asyncapi/converter-go | v0.0.0-20190802111537-d8459b2bd403 | 间接依赖 | go |
| golang.org/x/net | v0.20.0 | 直接依赖 | go |
| github.com/tidwall/gjson | v1.11.0 | 间接依赖 | go |
| github.com/go-redsync/redsync/v4 | v4.11.0 | 直接依赖 | go |
| github.com/eclipse/paho.mqtt.golang | v1.2.0 | 间接依赖 | go |
| github.com/hashicorp/go-cleanhttp | v0.5.2 | 间接依赖 | go |
| github.com/jcmturner/aescts/v2 | v2.0.0 | 间接依赖 | go |
| github.com/Masterminds/sprig/v3 | v3.2.2 | 直接依赖 | go |
| github.com/uber/jaeger-client-go | v2.30.1-0.20220110192849-8d8e8fcfd04d+incompatible | 直接依赖 | go |
| go.uber.org/mock | v0.4.0 | 直接依赖 | go |
| github.com/jinzhu/inflection | v1.0.0 | 间接依赖 | go |
| go.opentelemetry.io/otel | v1.19.0 | 直接依赖 | go |
| github.com/Jeffail/tunny | v0.1.4 | 直接依赖 | go |
| github.com/TykTechnologies/kin-openapi | v0.90.0 | 直接依赖 | go |
| github.com/gobwas/httphead | v0.0.0-20180130184737-2c6c146eadee | 间接依赖 | go |
| github.com/mitchellh/copystructure | v1.2.0 | 间接依赖 | go |
| github.com/pmylund/go-cache | v2.1.0+incompatible | 直接依赖 | go |
| github.com/justinas/alice | v1.2.0 | 直接依赖 | go |
| github.com/lonelycode/go-uuid | v0.0.0-20141202165402-ed3ca8a15a93 | 间接依赖 | go |
| github.com/xeipuuv/gojsonpointer | v0.0.0-20190809123943-df4f5c81cb3b | 间接依赖 | go |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace | v1.18.0 | 间接依赖 | go |
| github.com/buger/jsonparser | v1.1.1 | 直接依赖 | go |
| tyk | 间接依赖 | pip | |
| github.com/IBM/sarama | v1.42.1 | 间接依赖 | go |
| github.com/uber/jaeger-lib | v2.4.2-0.20210604143007-135cf5605a6d+incompatible | 间接依赖 | go |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp | v1.18.0 | 间接依赖 | go |
| github.com/mavricknz/ldap | v0.0.0-20160227184754-f5a958005e43 | 直接依赖 | go |
| github.com/vmihailenco/msgpack | v4.0.4+incompatible | 直接依赖 | go |
| golang.org/x/tools | v0.17.0 | 间接依赖 | go |
| github.com/hashicorp/go-retryablehttp | v0.6.6 | 间接依赖 | go |
| github.com/golang/protobuf | v1.5.3 | 直接依赖 | go |
| go.uber.org/zap | v1.21.0 | 间接依赖 | go |
| github.com/perimeterx/marshmallow | v1.1.5 | 间接依赖 | go |
| github.com/TykTechnologies/leakybucket | v0.0.0-20170301023702-71692c943e3c | 直接依赖 | go |
| github.com/Jeffail/gabs/v2 | v2.7.0 | 直接依赖 | go |
| github.com/bshuster-repo/logrus-logstash-hook | v1.1.0 | 直接依赖 | go |
| github.com/Masterminds/semver | v1.5.0 | 间接依赖 | go |
| github.com/pires/go-proxyproto | v0.7.0 | 直接依赖 | go |
| github.com/pmezard/go-difflib | v1.0.1-0.20181226105442-5d4384ee4fb2 | 间接依赖 | go |
| github.com/jcmturner/gokrb5/v8 | v8.4.4 | 间接依赖 | go |
| github.com/fsnotify/fsnotify | v1.7.0 | 间接依赖 | go |
| github.com/hashicorp/go-sockaddr | v1.0.2 | 间接依赖 | go |
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.45.0 | 间接依赖 | go |
| github.com/getkin/kin-openapi | v0.115.0 | 直接依赖 | go |
| github.com/gobwas/pool | v0.2.0 | 间接依赖 | go |
| github.com/stretchr/objx | v0.5.0 | 间接依赖 | go |
| github.com/alecthomas/units | v0.0.0-20211218093645-b94a6e3cc137 | 间接依赖 | go |
| github.com/go-jose/go-jose/v3 | v3.0.1 | 直接依赖 | go |
| github.com/openzipkin/zipkin-go | v0.4.2 | 直接依赖 | go |
| golang.org/x/mod | v0.14.0 | 间接依赖 | go |
| google.golang.org/appengine | v1.6.8 | 间接依赖 | go |
| github.com/mitchellh/mapstructure | v1.5.0 | 直接依赖 | go |
| github.com/tidwall/match | v1.1.1 | 间接依赖 | go |
| github.com/mavricknz/asn1-ber | v0.0.0-20151103223136-b9df1c2f4213 | 间接依赖 | go |
| github.com/opentracing/opentracing-go | v1.2.0 | 直接依赖 | go |
| github.com/davecgh/go-spew | v1.1.2-0.20180830191138-d8f796af33cc | 间接依赖 | go |
| github.com/google/go-cmp | v0.6.0 | 直接依赖 | go |
| github.com/TykTechnologies/goautosocket | v0.0.0-20190430121222-97bfa5e7e481 | 直接依赖 | go |
| github.com/lonelycode/osin | v0.0.0-20160423095202-da239c9dacb6 | 直接依赖 | go |
| github.com/redis/go-redis/v9 | v9.4.0 | 直接依赖 | go |
| github.com/oschwald/maxminddb-golang | v1.12.0 | 直接依赖 | go |
| github.com/cespare/xxhash/v2 | v2.2.0 | 间接依赖 | go |
| github.com/hashicorp/vault/api | v1.10.0 | 直接依赖 | go |
| go.uber.org/atomic | v1.11.0 | 间接依赖 | go |
| github.com/kelseyhightower/envconfig | v1.4.0 | 直接依赖 | go |
| github.com/TykTechnologies/gorpc | v0.0.0-20210624160652-fe65bda0ccb9 | 直接依赖 | go |
| github.com/evalphobia/logrus_sentry | v0.8.2 | 直接依赖 | go |
| github.com/felixge/httpsnoop | v1.0.3 | 间接依赖 | go |
| github.com/dgryski/go-rendezvous | v0.0.0-20200823014737-9f7001d12a5f | 间接依赖 | go |
| golang.org/x/exp | v0.0.0-20240112132812-db7319d0e0e3 | 间接依赖 | go |
| github.com/iancoleman/strcase | v0.3.0 | 间接依赖 | go |
| github.com/jinzhu/now | v1.1.2 | 间接依赖 | go |
| github.com/nsf/jsondiff | v0.0.0-20230430225905-43f6cf3098c1 | 直接依赖 | go |
| github.com/clbanning/mxj | v1.8.4 | 直接依赖 | go |
| gopkg.in/yaml.v2 | v2.4.0 | 间接依赖 | go |
| github.com/stretchr/testify | v1.8.4 | 直接依赖 | go |
| github.com/invopop/yaml | v0.2.0 | 间接依赖 | go |
| gopkg.in/cenkalti/backoff.v1 | v1.1.0 | 间接依赖 | go |
| github.com/eapache/go-resiliency | v1.4.0 | 间接依赖 | go |
| github.com/certifi/gocertifi | v0.0.0-20210507211836-431795d63e8d | 间接依赖 | go |
| github.com/go-logr/logr | v1.3.0 | 间接依赖 | go |
| github.com/go-redis/redismock/v9 | v9.2.0 | 直接依赖 | go |
| github.com/paulbellamy/ratecounter | v0.2.0 | 直接依赖 | go |
| github.com/valyala/bytebufferpool | v1.0.0 | 间接依赖 | go |
| github.com/jensneuse/byte-template | v0.0.0-20200214152254-4f3cf06e5c68 | 间接依赖 | go |
| golang.org/x/text | v0.14.0 | 间接依赖 | go |
| github.com/getsentry/raven-go | v0.2.0 | 间接依赖 | go |
| github.com/TykTechnologies/gojsonschema | v0.0.0-20170222154038-dcb3e4bb7990 | 直接依赖 | go |
| github.com/armon/go-metrics | v0.4.1 | 间接依赖 | go |
| github.com/mattn/go-colorable | v0.1.13 | 间接依赖 | go |
| github.com/alecthomas/kingpin/v2 | v2.4.0 | 直接依赖 | go |
| github.com/klauspost/compress | v1.17.0 | 间接依赖 | go |
| github.com/mohae/deepcopy | v0.0.0-20170929034955-c48cc78d4826 | 间接依赖 | go |
| github.com/jcmturner/gofork | v1.7.6 | 间接依赖 | go |
| github.com/kr/pretty | v0.2.1 | 直接依赖 | go |
| go.opentelemetry.io/otel/trace | v1.19.0 | 直接依赖 | go |
| github.com/golang-jwt/jwt/v4 | v4.5.0 | 直接依赖 | go |
| github.com/TykTechnologies/exp/pkg/limiters | v0.0.0-20231219151617-0c4f9315fe5c | 直接依赖 | go |
| github.com/hashicorp/go-immutable-radix | v1.3.1 | 间接依赖 | go |
| gopkg.in/vmihailenco/msgpack.v2 | v2.9.2 | 直接依赖 | go |
| github.com/tidwall/pretty | v1.2.0 | 间接依赖 | go |
| gorm.io/gorm | v1.21.16 | 间接依赖 | go |
| github.com/hashicorp/go-secure-stdlib/strutil | v0.1.2 | 间接依赖 | go |
| github.com/google/uuid | v1.4.0 | 间接依赖 | go |
| github.com/mailru/easyjson | v0.7.7 | 间接依赖 | go |
| github.com/gofrs/uuid | v4.4.0+incompatible | 直接依赖 | go |
| github.com/Masterminds/semver/v3 | v3.2.0 | 间接依赖 | go |
| github.com/hashicorp/go-rootcerts | v1.0.2 | 间接依赖 | go |
| github.com/gemnasium/logrus-graylog-hook | v2.0.7+incompatible | 直接依赖 | go |
| golang.org/x/sys | v0.16.0 | 间接依赖 | go |
| github.com/TykTechnologies/again | v0.0.0-20190805133618-6ad301e7eaed | 直接依赖 | go |
| github.com/cenkalti/backoff/v4 | v4.2.1 | 直接依赖 | go |
| github.com/santhosh-tekuri/jsonschema/v5 | v5.3.0 | 间接依赖 | go |
| github.com/jensneuse/pipeline | v0.0.0-20200117120358-9fb4de085cd6 | 间接依赖 | go |
| github.com/fatih/color | v1.14.1 | 间接依赖 | go |
| github.com/imdario/mergo | v0.3.12 | 间接依赖 | go |
| github.com/hashicorp/go-version | v1.6.0 | 直接依赖 | go |
| github.com/facebookgo/clock | v0.0.0-20150410010913-600d898af40a | 间接依赖 | go |
| github.com/xeipuuv/gojsonschema | v1.2.0 | 直接依赖 | go |
| github.com/jensneuse/abstractlogger | v0.0.4 | 直接依赖 | go |
| github.com/hashicorp/errwrap | v1.1.0 | 间接依赖 | go |
| github.com/jcmturner/rpc/v2 | v2.0.3 | 间接依赖 | go |
| github.com/shopspring/decimal | v1.2.0 | 间接依赖 | go |
| github.com/hashicorp/go-multierror | v1.1.1 | 直接依赖 | go |
| go.opentelemetry.io/otel/sdk | v1.18.0 | 间接依赖 | go |
| github.com/rcrowley/go-metrics | v0.0.0-20201227073835-cf1acfcdf475 | 间接依赖 | go |
| github.com/mattn/go-isatty | v0.0.17 | 间接依赖 | go |
| go.opentelemetry.io/contrib/propagators/b3 | v1.17.0 | 间接依赖 | go |
| golang.org/x/crypto | v0.18.0 | 直接依赖 | go |
| google.golang.org/genproto/googleapis/api | v0.0.0-20231106174013-bbf56f31fb17 | 间接依赖 | go |
| github.com/cenkalti/backoff/v3 | v3.0.0 | 间接依赖 | go |
| github.com/HdrHistogram/hdrhistogram-go | v1.1.2 | 间接依赖 | go |
| github.com/TykTechnologies/storage | v1.2.1 | 直接依赖 | go |