bahricanyesil/nodejs-starter-template 软件分析报告

基础信息

项目名称:bahricanyesil/nodejs-starter-template

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1716212137168863232/1716212140683689984

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
MongoDB信息泄露漏洞 日志敏感信息泄露 MPS-2021-24103 CVE-2021-32050 高危
node-semver 安全漏洞 ReDoS MPS-2022-5166 CVE-2022-25883 高危
xml2js 安全漏洞 原型污染 MPS-2023-4673 CVE-2023-0842 中危
Automattic Mongoose 安全漏洞 原型污染 MPS-rkw8-631m CVE-2023-3696 严重
fast-xml-parser 安全漏洞 ReDoS MPS-x6q9-lbdv CVE-2023-34104 高危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
mongoose 6.8.3 7.3.4 直接依赖 建议修复
fast-xml-parser 4.0.11 4.2.4 间接依赖 建议修复
xml2js 0.4.19 0.5.0 间接依赖 可选修复
mongodb 4.12.1 5.8.0 间接依赖 可选修复
semver 7.3.8 7.5.2 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
Apache-2.0 65
MIT 153
BSD-3-Clause 10
ISC 14
Python-2.0 1
BSD-2-Clause 3
自定义许可证 1
0BSD 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
kareem 2.5.1 间接依赖 npm
aws-sdk 2.1290.0 直接依赖 npm
tr46 3.0.0 间接依赖 npm
jmespath 0.16.0 间接依赖 npm
function-bind 1.1.1 间接依赖 npm
@sideway/address 4.1.4 间接依赖 npm
validator 13.7.0 间接依赖 npm
@aws-sdk/middleware-logger 3.226.0 间接依赖 npm
@aws-sdk/util-utf8-node 3.208.0 间接依赖 npm
@aws-sdk/signature-v4 3.226.0 间接依赖 npm
swagger-ui-dist 4.15.5 间接依赖 npm
side-channel 1.0.4 间接依赖 npm
@apidevtools/swagger-methods 3.0.2 间接依赖 npm
@aws-sdk/url-parser 3.226.0 间接依赖 npm
@aws-sdk/util-base64 3.208.0 间接依赖 npm
@aws-sdk/credential-provider-ini 3.245.0 间接依赖 npm
mongodb 4.12.1 间接依赖 npm
is-arguments 1.1.1 间接依赖 npm
inflight 1.0.6 间接依赖 npm
@aws-sdk/fetch-http-handler 3.226.0 间接依赖 npm
@aws-sdk/credential-provider-web-identity 3.226.0 间接依赖 npm
statuses 2.0.1 间接依赖 npm
semver 7.3.8 间接依赖 npm
@aws-sdk/middleware-host-header 3.226.0 间接依赖 npm
rate-limiter-flexible 2.4.1 直接依赖 npm
multer 1.4.5-lts.1 直接依赖 npm
bytes 3.1.2 间接依赖 npm
argparse 2.0.1 间接依赖 npm
strnum 1.0.5 间接依赖 npm
memory-pager 1.5.0 间接依赖 npm
object-assign 4.1.1 间接依赖 npm
color-convert 2.0.1 间接依赖 npm
accepts 1.3.8 间接依赖 npm
readable-stream 2.3.7 间接依赖 npm
buffer-from 1.1.2 间接依赖 npm
debug 2.6.9 间接依赖 npm
color-name 1.1.4 间接依赖 npm
@aws-crypto/sha256-js 2.0.0 间接依赖 npm
supports-color 7.2.0 间接依赖 npm
fast-xml-parser 4.0.11 间接依赖 npm
cookie 0.5.0 间接依赖 npm
swagger-ui-express 4.6.0 直接依赖 npm
@types/webidl-conversions 7.0.0 间接依赖 npm
@aws-crypto/util 2.0.2 间接依赖 npm
vary 1.1.2 间接依赖 npm
webidl-conversions 7.0.0 间接依赖 npm
busboy 1.6.0 间接依赖 npm
@hapi/topo 5.1.0 间接依赖 npm
has-flag 4.0.0 间接依赖 npm
jws 3.2.2 间接依赖 npm
is-callable 1.2.7 间接依赖 npm
fresh 0.5.2 间接依赖 npm
@aws-sdk/middleware-endpoint 3.226.0 间接依赖 npm
mongoose 6.8.3 直接依赖 npm
cors 2.8.5 直接依赖 npm
path-is-absolute 1.0.1 间接依赖 npm
@aws-sdk/credential-provider-cognito-identity 3.245.0 间接依赖 npm
@aws-sdk/util-body-length-browser 3.188.0 间接依赖 npm
forwarded 0.2.0 间接依赖 npm
@aws-sdk/querystring-parser 3.226.0 间接依赖 npm
safe-buffer 5.1.2 间接依赖 npm
@aws-crypto/supports-web-crypto 2.0.2 间接依赖 npm
@aws-sdk/property-provider 3.226.0 间接依赖 npm
mime 1.6.0 间接依赖 npm
call-me-maybe 1.0.2 间接依赖 npm
array-uniq 1.0.2 间接依赖 npm
depd 2.0.0 间接依赖 npm
for-each 0.3.3 间接依赖 npm
compressible 2.0.18 间接依赖 npm
socks 2.7.1 间接依赖 npm
lazy 1.0.11 间接依赖 npm
@aws-sdk/middleware-user-agent 3.226.0 间接依赖 npm
jwa 1.4.1 间接依赖 npm
@aws-sdk/middleware-content-length 3.226.0 间接依赖 npm
@aws-sdk/hash-node 3.226.0 间接依赖 npm
@aws-sdk/client-sso-oidc 3.245.0 间接依赖 npm
mime-db 1.52.0 间接依赖 npm
express 4.18.2 直接依赖 npm
fd-slicer 1.1.0 间接依赖 npm
@aws-sdk/middleware-signing 3.226.0 间接依赖 npm
has 1.0.3 间接依赖 npm
call-bind 1.0.2 间接依赖 npm
send 0.18.0 间接依赖 npm
object-inspect 1.12.2 间接依赖 npm
lodash.get 4.4.2 间接依赖 npm
@aws-sdk/middleware-retry 3.235.0 间接依赖 npm
@aws-sdk/node-config-provider 3.226.0 间接依赖 npm
@aws-sdk/querystring-builder 3.226.0 间接依赖 npm
tslib 2.4.1 间接依赖 npm
base64-js 1.5.1 间接依赖 npm
@aws-sdk/protocol-http 3.226.0 间接依赖 npm
@aws-sdk/client-cognito-identity 3.245.0 间接依赖 npm
dotenv 16.0.3 直接依赖 npm
once 1.4.0 间接依赖 npm
streamsearch 1.1.0 间接依赖 npm
@types/json-schema 7.0.11 间接依赖 npm
saslprep 1.0.3 间接依赖 npm
@types/whatwg-url 8.2.2 间接依赖 npm
encodeurl 1.0.2 间接依赖 npm
z-schema 5.0.5 间接依赖 npm
@aws-sdk/credential-provider-process 3.226.0 间接依赖 npm
cookie-signature 1.0.6 间接依赖 npm
geoip-lite 1.4.6 直接依赖 npm
which-typed-array 1.1.9 间接依赖 npm
body-parser 1.20.1 间接依赖 npm
path-to-regexp 0.1.7 间接依赖 npm
basic-auth 2.0.1 间接依赖 npm
ip 2.0.0 间接依赖 npm
@aws-sdk/node-http-handler 3.226.0 间接依赖 npm
range-parser 1.2.1 间接依赖 npm
sparse-bitfield 3.0.3 间接依赖 npm
@aws-crypto/ie11-detection 2.0.2 间接依赖 npm
minimatch 3.1.2 间接依赖 npm
type-is 1.6.18 间接依赖 npm
buffer-equal-constant-time 1.0.1 间接依赖 npm
array-flatten 1.1.1 间接依赖 npm
is-typed-array 1.1.10 间接依赖 npm
@aws-sdk/util-middleware 3.226.0 间接依赖 npm
morgan 1.10.0 直接依赖 npm
@aws-sdk/credential-provider-env 3.226.0 间接依赖 npm
@aws-sdk/types 3.226.0 间接依赖 npm
process-nextick-args 2.0.1 间接依赖 npm
@types/node 18.11.18 间接依赖 npm
mime-types 2.1.35 间接依赖 npm
ecdsa-sig-formatter 1.0.11 间接依赖 npm
buffer-crc32 0.2.13 间接依赖 npm
@aws-sdk/shared-ini-file-loader 3.226.0 间接依赖 npm
@aws-sdk/client-sso 3.245.0 间接依赖 npm
on-finished 2.4.1 间接依赖 npm
ansi-styles 4.3.0 间接依赖 npm
@aws-sdk/client-sts 3.245.0 间接依赖 npm
rimraf 2.7.1 间接依赖 npm
@aws-sdk/util-utf8-browser 3.188.0 间接依赖 npm
content-type 1.0.4 间接依赖 npm
sift 16.0.1 间接依赖 npm
http-errors 2.0.0 间接依赖 npm
openapi-types 12.1.0 直接依赖 npm
@aws-sdk/util-buffer-from 3.208.0 间接依赖 npm
content-disposition 0.5.4 间接依赖 npm
@aws-sdk/util-user-agent-node 3.226.0 间接依赖 npm
string_decoder 1.1.1 间接依赖 npm
xmlbuilder 9.0.7 间接依赖 npm
mongodb-connection-string-url 2.6.0 间接依赖 npm
utils-merge 1.0.1 间接依赖 npm
jsbn 1.1.0 间接依赖 npm
iconv-lite 0.4.24 间接依赖 npm
concat-map 0.0.1 间接依赖 npm
@jsdevtools/ono 7.1.3 间接依赖 npm
@aws-sdk/abort-controller 3.226.0 间接依赖 npm
safer-buffer 2.1.2 间接依赖 npm
util-deprecate 1.0.2 间接依赖 npm
@aws-sdk/middleware-sdk-sts 3.226.0 间接依赖 npm
available-typed-arrays 1.0.5 间接依赖 npm
doctrine 3.0.0 间接依赖 npm
merge-descriptors 1.0.1 间接依赖 npm
media-typer 0.3.0 间接依赖 npm
setprototypeof 1.2.0 间接依赖 npm
joi 17.7.0 直接依赖 npm
@apidevtools/json-schema-ref-parser 9.1.0 间接依赖 npm
xml2js 0.4.19 间接依赖 npm
glob 7.2.3 间接依赖 npm
fs.realpath 1.0.0 间接依赖 npm
@aws-sdk/util-defaults-mode-browser 3.234.0 间接依赖 npm
@aws-sdk/credential-provider-node 3.245.0 间接依赖 npm
typedarray 0.0.6 间接依赖 npm
unpipe 1.0.0 间接依赖 npm
ms 2.0.0 间接依赖 npm
@aws-sdk/credential-provider-imds 3.226.0 间接依赖 npm
concat-stream 1.6.2 间接依赖 npm
@aws-sdk/util-retry 3.229.0 间接依赖 npm
util 0.12.5 间接依赖 npm
bson 4.7.1 间接依赖 npm
get-intrinsic 1.1.3 间接依赖 npm
escape-html 1.0.3 间接依赖 npm
@aws-sdk/middleware-serde 3.226.0 间接依赖 npm
commander 6.2.0 间接依赖 npm
randomstring 1.2.3 直接依赖 npm
gopd 1.0.1 间接依赖 npm
smart-buffer 4.2.0 间接依赖 npm
minimist 1.2.7 间接依赖 npm
randombytes 2.0.3 间接依赖 npm
etag 1.8.1 间接依赖 npm
mkdirp 0.5.6 间接依赖 npm
core-util-is 1.0.3 间接依赖 npm
methods 1.1.2 间接依赖 npm
toidentifier 1.0.1 间接依赖 npm
querystring 0.2.0 间接依赖 npm
@aws-crypto/sha256-browser 2.0.0 间接依赖 npm
swagger-jsdoc 6.2.7 直接依赖 npm
lodash.mergewith 4.6.2 间接依赖 npm
uuid 8.0.0 间接依赖 npm
yallist 4.0.0 间接依赖 npm
@sideway/formula 3.0.1 间接依赖 npm
jsonwebtoken 9.0.0 直接依赖 npm
whatwg-url 11.0.0 间接依赖 npm
esutils 2.0.3 间接依赖 npm
brace-expansion 1.1.11 间接依赖 npm
@aws-sdk/middleware-stack 3.226.0 间接依赖 npm
@aws-sdk/middleware-recursion-detection 3.226.0 间接依赖 npm
ipaddr.js 1.9.1 间接依赖 npm
destroy 1.2.0 间接依赖 npm
nodemailer 6.8.0 直接依赖 npm
lodash.isequal 4.5.0 间接依赖 npm
lodash 4.17.21 间接依赖 npm
buffer 4.9.2 间接依赖 npm
@aws-sdk/util-locate-window 3.208.0 间接依赖 npm
@aws-sdk/invalid-dependency 3.226.0 间接依赖 npm
proxy-addr 2.0.7 间接依赖 npm
balanced-match 1.0.2 间接依赖 npm
@sideway/pinpoint 2.0.0 间接依赖 npm
@aws-sdk/smithy-client 3.234.0 间接依赖 npm
@aws-sdk/token-providers 3.245.0 间接依赖 npm
events 1.1.1 间接依赖 npm
js-yaml 4.1.0 间接依赖 npm
@aws-sdk/config-resolver 3.234.0 间接依赖 npm
append-field 1.0.0 间接依赖 npm
parseurl 1.3.3 间接依赖 npm
@aws-sdk/credential-providers 3.245.0 间接依赖 npm
ieee754 1.1.13 间接依赖 npm
mquery 4.0.3 间接依赖 npm
finalhandler 1.2.0 间接依赖 npm
@aws-sdk/util-endpoints 3.245.0 间接依赖 npm
async 2.6.4 间接依赖 npm
on-headers 1.0.2 间接依赖 npm
@aws-sdk/util-body-length-node 3.208.0 间接依赖 npm
@apidevtools/openapi-schemas 2.1.0 间接依赖 npm
helmet 6.0.1 直接依赖 npm
chalk 4.1.2 间接依赖 npm
yaml 2.0.0-1 间接依赖 npm
@hapi/hoek 9.3.0 间接依赖 npm
@aws-sdk/util-config-provider 3.208.0 间接依赖 npm
sprintf-js 1.1.2 间接依赖 npm
inherits 2.0.4 间接依赖 npm
@aws-sdk/util-user-agent-browser 3.226.0 间接依赖 npm
@aws-sdk/credential-provider-sso 3.245.0 间接依赖 npm
wrappy 1.0.2 间接依赖 npm
ip-address 5.9.4 间接依赖 npm
qs 6.11.0 间接依赖 npm
lru-cache 6.0.0 间接依赖 npm
swagger-parser 10.0.3 间接依赖 npm
is-generator-function 1.0.10 间接依赖 npm
bowser 2.11.0 间接依赖 npm
@aws-sdk/service-error-classification 3.229.0 间接依赖 npm
@apidevtools/swagger-parser 10.0.3 间接依赖 npm
compression 1.7.4 直接依赖 npm
xtend 4.0.2 间接依赖 npm
raw-body 2.5.1 间接依赖 npm
negotiator 0.6.3 间接依赖 npm
sax 1.2.1 间接依赖 npm
@aws-sdk/util-defaults-mode-node 3.234.0 间接依赖 npm
mpath 0.9.0 间接依赖 npm
pend 1.2.0 间接依赖 npm
punycode 1.3.2 间接依赖 npm
ee-first 1.1.1 间接依赖 npm
yauzl 2.10.0 间接依赖 npm
serve-static 1.15.0 间接依赖 npm
has-tostringtag 1.0.0 间接依赖 npm
bcryptjs 2.4.3 直接依赖 npm
has-symbols 1.0.3 间接依赖 npm
isarray 1.0.0 间接依赖 npm
(0)
上一篇 2023年10月23日
下一篇 2023年10月23日

相关推荐

  • egoist/slogan 软件分析报告

    基础信息 项目名称:egoist/slogan 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1717410701442154496/1717410701547012096 此报告由Murphysec提供 漏洞列表…

    软件分析 2023年10月26日
    0
  • chuan-yun/Molten 软件分析报告

    基础信息 项目名称:chuan-yun/Molten 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721087674172833792/1722352580900261888 此报告由Murphysec提供 漏…

    软件分析 2023年11月9日
    0
  • 100grams/Moving-MKAnnotationView 软件分析报告

    基础信息 项目名称:100grams/Moving-MKAnnotationView 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1715420243605372928/1715420243647315968 此…

    软件分析 2023年10月23日
    0
  • HuanHaiLiuXin/RoundShadowImageView 软件分析报告

    基础信息 项目名称:HuanHaiLiuXin/RoundShadowImageView 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718685057984102400/1718685058026045440…

    软件分析 2023年10月30日
    0
  • unosquare/embedio 软件分析报告

    基础信息 项目名称:unosquare/embedio 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1746788021581156352/1746788126560391168 此报告由Murphysec提供 …

    软件分析 2024年1月15日
    0