Expand intel coverage and refresh monitoring
File diff suppressed because one or more lines are too long
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T18:39:23+00:00",
|
||||
"generated_at": "2026-03-18T21:16:46+00:00",
|
||||
"title": "\u5f53\u524d\u67b6\u6784\u5e93",
|
||||
"summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
|
||||
"sections": [
|
||||
@@ -19,11 +19,11 @@
|
||||
},
|
||||
{
|
||||
"label": "\u5386\u53f2\u5168\u91cf\u7cfb\u7edf",
|
||||
"value": "18"
|
||||
"value": "20"
|
||||
},
|
||||
{
|
||||
"label": "\u8fd1\u4e24\u5e74\u5168\u91cf\u7cfb\u7edf",
|
||||
"value": "44"
|
||||
"value": "42"
|
||||
},
|
||||
{
|
||||
"label": "\u5f53\u524d\u8fd0\u884c",
|
||||
@@ -31,7 +31,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "1498"
|
||||
"value": "2392"
|
||||
}
|
||||
],
|
||||
"fields": [
|
||||
@@ -49,7 +49,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6210\u65f6\u95f4",
|
||||
"value": "2026-03-18T18:39:23+00:00"
|
||||
"value": "2026-03-18T21:16:46+00:00"
|
||||
}
|
||||
],
|
||||
"links": [
|
||||
@@ -406,7 +406,7 @@
|
||||
"items": [
|
||||
{
|
||||
"title": "CMS / \u5185\u5bb9\u5e73\u53f0",
|
||||
"summary": "9 \u4e2a\u7cfb\u7edf \u00b7 \u5386\u53f2\u5168\u91cf 3 \u00b7 \u8fd1\u4e24\u5e74\u5168\u91cf 6",
|
||||
"summary": "9 \u4e2a\u7cfb\u7edf \u00b7 \u5386\u53f2\u5168\u91cf 4 \u00b7 \u8fd1\u4e24\u5e74\u5168\u91cf 5",
|
||||
"open": false,
|
||||
"stats": [
|
||||
{
|
||||
@@ -415,11 +415,11 @@
|
||||
},
|
||||
{
|
||||
"label": "\u5386\u53f2\u5168\u91cf",
|
||||
"value": "3"
|
||||
"value": "4"
|
||||
},
|
||||
{
|
||||
"label": "\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"value": "6"
|
||||
"value": "5"
|
||||
}
|
||||
],
|
||||
"items": [
|
||||
@@ -514,8 +514,8 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 3",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u5b98\u65b9\u6e90 4",
|
||||
"\u751f\u6001\u6e90 1",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -548,11 +548,11 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u5b98\u65b9\u6765\u6e90",
|
||||
"value": "Discourse Meta Security\nDiscourse Release Notes RSS\nGitHub Discourse Advisories"
|
||||
"value": "Discourse Meta Security\nDiscourse Release Notes RSS\nDiscourse Security RSS\nGitHub Discourse Advisories"
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
"value": "-"
|
||||
"value": "OSV Discourse"
|
||||
},
|
||||
{
|
||||
"label": "\u7814\u7a76\u6765\u6e90",
|
||||
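Review bot: the official-sources value for Discourse now lists four names, including "GitHub Discourse Advisories", but the catalog hunk for Discourse in this same commit reports official_active 2 and retired_source_total 2, and the retired-source list carries a ghsa-global entry for Discourse. The view therefore shows retired sources next to active ones with nothing to tell them apart, and the badge count of 4 overstates live official coverage. Either list only active sources here or mark the retired ones in the value.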
@@ -680,10 +680,10 @@
|
||||
},
|
||||
{
|
||||
"title": "Ghost (ghost)",
|
||||
"summary": "\u8fd1\u4e24\u5e74\u5168\u91cf \u00b7 core",
|
||||
"summary": "\u5386\u53f2\u5168\u91cf \u00b7 core",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5386\u53f2\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
@@ -854,7 +854,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u5b98\u65b9\u6e90 3",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
@@ -888,7 +888,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u5b98\u65b9\u6765\u6e90",
|
||||
"value": "MediaWiki Security Releases\nNVD MediaWiki"
|
||||
"value": "MediaWiki Security Releases\nMediaWiki Announce RSS\nNVD MediaWiki"
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
@@ -1192,7 +1192,7 @@
|
||||
},
|
||||
{
|
||||
"title": "Web \u6846\u67b6\u4e0e\u8fd0\u884c\u65f6",
|
||||
"summary": "29 \u4e2a\u7cfb\u7edf \u00b7 \u5386\u53f2\u5168\u91cf 6 \u00b7 \u8fd1\u4e24\u5e74\u5168\u91cf 23",
|
||||
"summary": "29 \u4e2a\u7cfb\u7edf \u00b7 \u5386\u53f2\u5168\u91cf 7 \u00b7 \u8fd1\u4e24\u5e74\u5168\u91cf 22",
|
||||
"open": false,
|
||||
"stats": [
|
||||
{
|
||||
@@ -1201,11 +1201,11 @@
|
||||
},
|
||||
{
|
||||
"label": "\u5386\u53f2\u5168\u91cf",
|
||||
"value": "6"
|
||||
"value": "7"
|
||||
},
|
||||
{
|
||||
"label": "\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"value": "23"
|
||||
"value": "22"
|
||||
}
|
||||
],
|
||||
"items": [
|
||||
@@ -1641,7 +1641,7 @@
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u751f\u6001\u6e90 1",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -1678,7 +1678,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
"value": "-"
|
||||
"value": "NVD Express.js"
|
||||
},
|
||||
{
|
||||
"label": "\u7814\u7a76\u6765\u6e90",
|
||||
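Review bot: "NVD Express.js" is filed under the ecosystem-sources field here, while the MediaWiki and Mattermost hunks in this commit keep "NVD MediaWiki" and "NVD Mattermost" under official sources. The same feed type lands in two different buckets, which skews the per-bucket badge counts. Pick one bucket for NVD-derived sources and apply it to every system.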
@@ -1976,10 +1976,10 @@
|
||||
},
|
||||
{
|
||||
"title": "Hapi (hapi)",
|
||||
"summary": "\u8fd1\u4e24\u5e74\u5168\u91cf \u00b7 core",
|
||||
"summary": "\u5386\u53f2\u5168\u91cf \u00b7 core",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5386\u53f2\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
@@ -2236,7 +2236,7 @@
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u751f\u6001\u6e90 1",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -2273,7 +2273,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
"value": "-"
|
||||
"value": "NVD NestJS"
|
||||
},
|
||||
{
|
||||
"label": "\u7814\u7a76\u6765\u6e90",
|
||||
@@ -2661,7 +2661,7 @@
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u751f\u6001\u6e90 1",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -2698,7 +2698,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
"value": "-"
|
||||
"value": "NVD Ruby on Rails"
|
||||
},
|
||||
{
|
||||
"label": "\u7814\u7a76\u6765\u6e90",
|
||||
@@ -3171,7 +3171,7 @@
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u751f\u6001\u6e90 1",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -3208,7 +3208,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
"value": "-"
|
||||
"value": "NVD Undici"
|
||||
},
|
||||
{
|
||||
"label": "\u7814\u7a76\u6765\u6e90",
|
||||
@@ -3511,7 +3511,7 @@
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u751f\u6001\u6e90 1",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -3548,7 +3548,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
"value": "-"
|
||||
"value": "NVD esbuild"
|
||||
},
|
||||
{
|
||||
"label": "\u7814\u7a76\u6765\u6e90",
|
||||
@@ -3596,7 +3596,7 @@
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u751f\u6001\u6e90 1",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -3633,7 +3633,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
"value": "-"
|
||||
"value": "NVD webpack"
|
||||
},
|
||||
{
|
||||
"label": "\u7814\u7a76\u6765\u6e90",
|
||||
@@ -4211,7 +4211,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u5b98\u65b9\u6e90 3",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
@@ -4245,7 +4245,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u5b98\u65b9\u6765\u6e90",
|
||||
"value": "Mattermost Security Updates\nNVD Mattermost"
|
||||
"value": "Mattermost Security Updates\nNVD Mattermost\nMattermost Security Updates JSON"
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
@@ -5887,7 +5887,7 @@
|
||||
},
|
||||
{
|
||||
"label": "Advisory \u6570",
|
||||
"value": "1498"
|
||||
"value": "2392"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001\u7c7b\u578b",
|
||||
@@ -5906,7 +5906,7 @@
|
||||
"items": [
|
||||
{
|
||||
"title": "\u4eba\u5de5\u5206\u8bca",
|
||||
"summary": "\u5f53\u524d\u7d2f\u8ba1 1409 \u6761\u3002",
|
||||
"summary": "\u5f53\u524d\u7d2f\u8ba1 2303 \u6761\u3002",
|
||||
"open": false,
|
||||
"fields": [
|
||||
{
|
||||
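Review bot: the manual-triage total in this summary goes from 1409 to 2303, an increase of 894, which is exactly the increase in the advisory count (1498 to 2392) in the earlier hunks. Every entry added by this refresh went to manual triage and none was classified automatically. If that is expected for the newly added sources, say so in the commit message; otherwise check the classification step for the new feeds before the backlog grows further.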
@@ -5915,7 +5915,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u6570\u91cf",
|
||||
"value": "1409"
|
||||
"value": "2303"
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -5941,6 +5941,266 @@
|
||||
"summary": "\u5f53\u524d dashboard \u6458\u8981\u91cc\u53ef\u89c1\u7684\u5931\u8d25\u6216\u4eba\u5de5\u5206\u8bca\u6837\u672c\u3002",
|
||||
"open": false,
|
||||
"items": [
|
||||
{
|
||||
"title": "3.5.0.beta5: Improved admin search, AI forum research, easier site appearance configuration, and simpler plugin development",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "discourse--68e2bb93e1"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "3.4.4: Bug fix and UX release",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "discourse--615bee56ae"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "January 2026 Releases",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "discourse--321c09b9ad"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Release v2025.11.0: AI translations improvements, chat search, new review queue, and improvements for posts with images",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "discourse--5d3cafdece"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "3.4.2: Security and bug fix release",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "discourse--4222d879a1"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "3.5.0.beta2: Review Queue, Welcome Banner, Admin Interface, and more",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "discourse--703d073816"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "3.4.6: Security fix release",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "discourse--734b2c6337"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "3.5.0.beta7: Smart link editing, better invite tracking, unique icons, and fixing name management",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "discourse--0a6de28d35"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Omnissa Horizon alternative: how HAProxy solves UDP load balancing",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "haproxy--f1c3251635"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "[MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1)",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "mediawiki--9531fc3afb"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Critical - Cache poisoning - SA-CORE-2023-006",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
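Review bot: the sample items added to this list include ordinary release notes and a product blog post ("3.4.4: Bug fix and UX release", "Omnissa Horizon alternative: how HAProxy solves UDP load balancing"), each carrying a vulnerability-entry id such as discourse--615bee56ae and haproxy--f1c3251635. Release and announcement feeds appear to be ingested item for item as vulnerability entries, which inflates the advisory count and fills manual triage with non-security items, all with "-" as the blocking reason. Filter feed items for security relevance before they are counted, or give them a separate status from advisories.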
@@ -6200,266 +6460,6 @@
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Critical - Cross site scripting - SA-CORE-2025-001",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "drupal--affa7a9ea5"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "drupal--156bde9702"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "drupal--e0da564201"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "drupal--284d6aff2f"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "drupal--3144ddd947"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "drupal--454e57e9ec"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "drupal--9d2d9c684a"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Defacement - SA-CORE-2025-007",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "drupal--47ee170dd0"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "drupal--bf3b4df605"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "drupal--de8979ff41"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
@@ -1,21 +1,23 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T18:12:43+00:00",
|
||||
"active_source_count": 110,
|
||||
"green_source_count": 110,
|
||||
"generated_at": "2026-03-18T21:09:25+00:00",
|
||||
"active_source_count": 125,
|
||||
"green_source_count": 125,
|
||||
"source_failure_count": 0,
|
||||
"open_alert_count": 0,
|
||||
"resolved_alert_count": 0,
|
||||
"last_fully_green_run": "2026-03-18T18:12:43+00:00",
|
||||
"last_fully_green_run": "2026-03-18T21:09:25+00:00",
|
||||
"source_catalog": {
|
||||
"system_count": 62,
|
||||
"source_count": 146,
|
||||
"source_count": 161,
|
||||
"retired_source_count": 36
|
||||
},
|
||||
"ingest": {
|
||||
"new_count": 0,
|
||||
"new_count": 1,
|
||||
"updated_count": 0,
|
||||
"failure_count": 0,
|
||||
"systems_touched": []
|
||||
"systems_touched": [
|
||||
"hapi"
|
||||
]
|
||||
},
|
||||
"validation": {
|
||||
"passed": true,
|
||||
|
||||
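Review bot: ingest in this status file reports "new_count": 1 with only "hapi" in systems_touched, yet the architecture view in this same commit, generated about seven minutes later (21:16:46 against 21:09:25), shows the advisory count rising by 894. The two files describe different runs or different scopes and a reader cannot tell which. Regenerate both from the same run, or add a field stating what interval new_count covers.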
@@ -1,11 +1,11 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T18:09:51+00:00",
|
||||
"generated_at": "2026-03-18T21:16:34+00:00",
|
||||
"system_count": 62,
|
||||
"source_count": 146,
|
||||
"active_source_count": 110,
|
||||
"source_count": 161,
|
||||
"active_source_count": 125,
|
||||
"retired_source_count": 36,
|
||||
"systems_with_active_official": 62,
|
||||
"systems_with_machine_readable_source": 57,
|
||||
"systems_with_machine_readable_source": 62,
|
||||
"systems": [
|
||||
{
|
||||
"system_id": "adminer",
|
||||
@@ -147,13 +147,13 @@
|
||||
"display_name": "Discourse",
|
||||
"category": "cms",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 3,
|
||||
"active_source_total": 1,
|
||||
"source_total": 5,
|
||||
"active_source_total": 3,
|
||||
"retired_source_total": 2,
|
||||
"official_active": 1,
|
||||
"ecosystem_active": 0,
|
||||
"official_active": 2,
|
||||
"ecosystem_active": 1,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"machine_readable_active": 3,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
@@ -207,13 +207,13 @@
|
||||
"display_name": "esbuild",
|
||||
"category": "frameworks",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"source_total": 3,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 1,
|
||||
"official_active": 1,
|
||||
"ecosystem_active": 0,
|
||||
"ecosystem_active": 1,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"machine_readable_active": 2,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
@@ -222,13 +222,13 @@
|
||||
"display_name": "Express",
|
||||
"category": "frameworks",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"source_total": 3,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 1,
|
||||
"official_active": 1,
|
||||
"ecosystem_active": 0,
|
||||
"ecosystem_active": 1,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"machine_readable_active": 2,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
@@ -266,7 +266,7 @@
|
||||
"system_id": "ghost",
|
||||
"display_name": "Ghost",
|
||||
"category": "cms",
|
||||
"tier": "rolling-24m",
|
||||
"tier": "history-full",
|
||||
"source_total": 2,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 0,
|
||||
@@ -341,7 +341,7 @@
|
||||
"system_id": "hapi",
|
||||
"display_name": "Hapi",
|
||||
"category": "frameworks",
|
||||
"tier": "rolling-24m",
|
||||
"tier": "history-full",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"retired_source_total": 1,
|
||||
@@ -462,13 +462,13 @@
|
||||
"display_name": "Mattermost",
|
||||
"category": "platforms",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"source_total": 3,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 1,
|
||||
"official_active": 1,
|
||||
"official_active": 2,
|
||||
"ecosystem_active": 0,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"machine_readable_active": 2,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
@@ -477,13 +477,13 @@
|
||||
"display_name": "MediaWiki",
|
||||
"category": "cms",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"source_total": 3,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 1,
|
||||
"official_active": 1,
|
||||
"official_active": 2,
|
||||
"ecosystem_active": 0,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"machine_readable_active": 2,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
@@ -522,13 +522,13 @@
|
||||
"display_name": "NestJS",
|
||||
"category": "frameworks",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"source_total": 3,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 1,
|
||||
"official_active": 1,
|
||||
"ecosystem_active": 0,
|
||||
"ecosystem_active": 1,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"machine_readable_active": 2,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
@@ -642,28 +642,28 @@
|
||||
"display_name": "PrestaShop",
|
||||
"category": "ecommerce",
|
||||
"tier": "history-full",
|
||||
"source_total": 3,
|
||||
"active_source_total": 3,
|
||||
"source_total": 4,
|
||||
"active_source_total": 4,
|
||||
"retired_source_total": 0,
|
||||
"official_active": 2,
|
||||
"official_active": 3,
|
||||
"ecosystem_active": 1,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": false
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
{
|
||||
"system_id": "rails",
|
||||
"display_name": "Ruby on Rails",
|
||||
"category": "frameworks",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"source_total": 3,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 1,
|
||||
"official_active": 1,
|
||||
"ecosystem_active": 0,
|
||||
"ecosystem_active": 1,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"machine_readable_active": 2,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
@@ -732,45 +732,45 @@
|
||||
"display_name": "Spring Boot",
|
||||
"category": "frameworks",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"source_total": 3,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 1,
|
||||
"official_active": 1,
|
||||
"ecosystem_active": 0,
|
||||
"ecosystem_active": 1,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": false
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
{
|
||||
"system_id": "spring-framework",
|
||||
"display_name": "Spring Framework",
|
||||
"category": "frameworks",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"source_total": 3,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 1,
|
||||
"official_active": 1,
|
||||
"ecosystem_active": 0,
|
||||
"ecosystem_active": 1,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": false
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
{
|
||||
"system_id": "spring-security",
|
||||
"display_name": "Spring Security",
|
||||
"category": "frameworks",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"source_total": 3,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 1,
|
||||
"official_active": 1,
|
||||
"ecosystem_active": 0,
|
||||
"ecosystem_active": 1,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": false
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
{
|
||||
"system_id": "strapi",
|
||||
@@ -837,13 +837,13 @@
|
||||
"display_name": "Undici",
|
||||
"category": "frameworks",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"source_total": 3,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 1,
|
||||
"official_active": 1,
|
||||
"ecosystem_active": 0,
|
||||
"ecosystem_active": 1,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"machine_readable_active": 2,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
@@ -882,13 +882,13 @@
|
||||
"display_name": "webpack",
|
||||
"category": "frameworks",
|
||||
"tier": "rolling-24m",
|
||||
"source_total": 2,
|
||||
"active_source_total": 1,
|
||||
"source_total": 3,
|
||||
"active_source_total": 2,
|
||||
"retired_source_total": 1,
|
||||
"official_active": 1,
|
||||
"ecosystem_active": 0,
|
||||
"ecosystem_active": 1,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"machine_readable_active": 2,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
@@ -912,15 +912,15 @@
|
||||
"display_name": "WooCommerce",
|
||||
"category": "ecommerce",
|
||||
"tier": "history-full",
|
||||
"source_total": 4,
|
||||
"active_source_total": 4,
|
||||
"source_total": 5,
|
||||
"active_source_total": 5,
|
||||
"retired_source_total": 0,
|
||||
"official_active": 2,
|
||||
"official_active": 3,
|
||||
"ecosystem_active": 2,
|
||||
"research_active": 0,
|
||||
"machine_readable_active": 0,
|
||||
"machine_readable_active": 1,
|
||||
"has_active_official": true,
|
||||
"has_machine_readable_source": false
|
||||
"has_machine_readable_source": true
|
||||
},
|
||||
{
|
||||
"system_id": "wordpress",
|
||||
@@ -1024,7 +1024,8 @@
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.",
|
||||
"replacement_sources": [
|
||||
"Discourse Release Notes RSS"
|
||||
"Discourse Release Notes RSS",
|
||||
"Discourse Security RSS"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
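Review bot: `retired_reason` in this entry still says "Discourse release feed remains the active official source", but `replacement_sources` now lists both "Discourse Release Notes RSS" and "Discourse Security RSS". Update the reason text in the same change so the stated replacement matches the list, as the Spring entries in this file do.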
@@ -1183,6 +1184,7 @@
|
||||
"kind": "html-links",
|
||||
"retired_reason": "MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.",
|
||||
"replacement_sources": [
|
||||
"MediaWiki Announce RSS",
|
||||
"NVD MediaWiki"
|
||||
],
|
||||
"url": "https://www.mediawiki.org/wiki/Security"
|
||||
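Review bot: the `retired_reason` here names only NVD ("NVD replacement remains active") while `replacement_sources` gains "MediaWiki Announce RSS". Mention the announce feed in the reason, or generate the replacement clause from the list, so the two cannot drift apart.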
@@ -1193,7 +1195,7 @@
|
||||
"source_name": "Moodle Security News",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.",
|
||||
"retired_reason": "Security page is reachable with a browser-style UA, but the current markup only exposes generic \"Discuss this topic\" anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.",
|
||||
"replacement_sources": [
|
||||
"NVD Moodle"
|
||||
],
|
||||
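Review bot: the new `retired_reason` records a parser limitation (only generic "Discuss this topic" anchors are extracted) and a pending follow-up ("until a richer parser is added") as free text. Track the follow-up in an issue and reference it here, and keep the browser-style UA requirement in the collector configuration rather than only in this sentence. With "NVD Moodle" as the sole replacement, coverage of Moodle advisories depends on NVD publication timing, which is worth stating in the entry.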
@@ -1268,9 +1270,10 @@
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
"Spring Security Advisories",
|
||||
"OSV Spring Boot"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
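Review bot: the stated cause for retiring "GitHub Global Advisories" is that unauthenticated API requests are quota-limited, which is a collector configuration issue rather than a problem with the source. Consider sending authenticated requests (GitHub applies a higher rate limit to them) and keeping the source active, with "OSV Spring Boot" as an addition rather than a substitute. The empty `"url": ""` also leaves no pointer to what was retired.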
@@ -1280,9 +1283,10 @@
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring official page and OSV remain the active replacements.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
"Spring Security Advisories",
|
||||
"OSV Spring Framework"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
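Review bot: this entry words the same cause differently from its siblings: "Unauthenticated GHSA API requests are rate-limited in daily monitoring" here versus "Unauthenticated GitHub advisory API is quota-limited" in the entries that list "OSV Spring Boot" and "OSV Spring Security". Use one wording, or better a structured reason code next to the free text, so retired sources can be grouped by cause.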
@@ -1292,9 +1296,10 @@
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
"Spring Security Advisories",
|
||||
"OSV Spring Security"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
@@ -1437,7 +1442,8 @@
|
||||
"system_id": "discourse",
|
||||
"retired_source": "GitHub Discourse Advisories",
|
||||
"replacement_sources": [
|
||||
"Discourse Release Notes RSS"
|
||||
"Discourse Release Notes RSS",
|
||||
"Discourse Security RSS"
|
||||
]
|
||||
},
|
||||
{
|
||||
@@ -1531,6 +1537,7 @@
|
||||
"system_id": "mediawiki",
|
||||
"retired_source": "MediaWiki Security Releases",
|
||||
"replacement_sources": [
|
||||
"MediaWiki Announce RSS",
|
||||
"NVD MediaWiki"
|
||||
]
|
||||
},
|
||||
@@ -1583,21 +1590,24 @@
|
||||
"system_id": "spring-boot",
|
||||
"retired_source": "GitHub Global Advisories",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
"Spring Security Advisories",
|
||||
"OSV Spring Boot"
|
||||
]
|
||||
},
|
||||
{
|
||||
"system_id": "spring-framework",
|
||||
"retired_source": "GitHub Global Advisories",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
"Spring Security Advisories",
|
||||
"OSV Spring Framework"
|
||||
]
|
||||
},
|
||||
{
|
||||
"system_id": "spring-security",
|
||||
"retired_source": "GitHub Global Advisories",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
"Spring Security Advisories",
|
||||
"OSV Spring Security"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
||||
File diff is too large to display
@@ -87,7 +87,7 @@
|
||||
<h1>当前架构库镜像</h1>
|
||||
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
|
||||
<pre>{
|
||||
"generated_at": "2026-03-18T18:39:23+00:00",
|
||||
"generated_at": "2026-03-18T21:16:46+00:00",
|
||||
"title": "当前架构库",
|
||||
"summary": "工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。",
|
||||
"sections": [
|
||||
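Review bot: the mirror page writes the JSON document directly inside `<pre>`, and the same document carries titles taken from external feeds. Confirm that the generator HTML-escapes `<`, `>` and `&` in every string before embedding it; if it does not, escape at write time so a feed title cannot be interpreted as markup in the workbench page.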
@@ -107,11 +107,11 @@
|
||||
},
|
||||
{
|
||||
"label": "历史全量系统",
|
||||
"value": "18"
|
||||
"value": "20"
|
||||
},
|
||||
{
|
||||
"label": "近两年全量系统",
|
||||
"value": "44"
|
||||
"value": "42"
|
||||
},
|
||||
{
|
||||
"label": "当前运行",
|
||||
@@ -119,7 +119,7 @@
|
||||
},
|
||||
{
|
||||
"label": "当前漏洞条目",
|
||||
"value": "1498"
|
||||
"value": "2392"
|
||||
}
|
||||
],
|
||||
"fields": [
|
||||
@@ -137,7 +137,7 @@
|
||||
},
|
||||
{
|
||||
"label": "生成时间",
|
||||
"value": "2026-03-18T18:39:23+00:00"
|
||||
"value": "2026-03-18T21:16:46+00:00"
|
||||
}
|
||||
],
|
||||
"links": [
|
||||
@@ -494,7 +494,7 @@
|
||||
"items": [
|
||||
{
|
||||
"title": "CMS / 内容平台",
|
||||
"summary": "9 个系统 · 历史全量 3 · 近两年全量 6",
|
||||
"summary": "9 个系统 · 历史全量 4 · 近两年全量 5",
|
||||
"open": false,
|
||||
"stats": [
|
||||
{
|
||||
@@ -503,11 +503,11 @@
|
||||
},
|
||||
{
|
||||
"label": "历史全量",
|
||||
"value": "3"
|
||||
"value": "4"
|
||||
},
|
||||
{
|
||||
"label": "近两年全量",
|
||||
"value": "6"
|
||||
"value": "5"
|
||||
}
|
||||
],
|
||||
"items": [
|
||||
@@ -602,8 +602,8 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 3",
|
||||
"生态源 0",
|
||||
"官方源 4",
|
||||
"生态源 1",
|
||||
"研究源 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -636,11 +636,11 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "Discourse Meta Security\nDiscourse Release Notes RSS\nGitHub Discourse Advisories"
|
||||
"value": "Discourse Meta Security\nDiscourse Release Notes RSS\nDiscourse Security RSS\nGitHub Discourse Advisories"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
"value": "-"
|
||||
"value": "OSV Discourse"
|
||||
},
|
||||
{
|
||||
"label": "研究来源",
|
||||
@@ -768,10 +768,10 @@
|
||||
},
|
||||
{
|
||||
"title": "Ghost (ghost)",
|
||||
"summary": "近两年全量 · core",
|
||||
"summary": "历史全量 · core",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"历史全量",
|
||||
"官方源 2",
|
||||
"生态源 0",
|
||||
"研究源 0"
|
||||
@@ -942,7 +942,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"官方源 3",
|
||||
"生态源 0",
|
||||
"研究源 0"
|
||||
],
|
||||
@@ -976,7 +976,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "MediaWiki Security Releases\nNVD MediaWiki"
|
||||
"value": "MediaWiki Security Releases\nMediaWiki Announce RSS\nNVD MediaWiki"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
@@ -1280,7 +1280,7 @@
|
||||
},
|
||||
{
|
||||
"title": "Web 框架与运行时",
|
||||
"summary": "29 个系统 · 历史全量 6 · 近两年全量 23",
|
||||
"summary": "29 个系统 · 历史全量 7 · 近两年全量 22",
|
||||
"open": false,
|
||||
"stats": [
|
||||
{
|
||||
@@ -1289,11 +1289,11 @@
|
||||
},
|
||||
{
|
||||
"label": "历史全量",
|
||||
"value": "6"
|
||||
"value": "7"
|
||||
},
|
||||
{
|
||||
"label": "近两年全量",
|
||||
"value": "23"
|
||||
"value": "22"
|
||||
}
|
||||
],
|
||||
"items": [
|
||||
@@ -1729,7 +1729,7 @@
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"生态源 0",
|
||||
"生态源 1",
|
||||
"研究源 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -1766,7 +1766,7 @@
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
"value": "-"
|
||||
"value": "NVD Express.js"
|
||||
},
|
||||
{
|
||||
"label": "研究来源",
|
||||
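Review bot: "NVD Express.js" is filed under 生态来源 (ecosystem sources) here, while "NVD MediaWiki" and "NVD Mattermost" appear under 官方来源 (official sources) elsewhere in this file. Pick one bucket for NVD feeds, because the per-system official and ecosystem counts shown in the badges depend on it.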
@@ -2064,10 +2064,10 @@
|
||||
},
|
||||
{
|
||||
"title": "Hapi (hapi)",
|
||||
"summary": "近两年全量 · core",
|
||||
"summary": "历史全量 · core",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"历史全量",
|
||||
"官方源 2",
|
||||
"生态源 0",
|
||||
"研究源 0"
|
||||
@@ -2324,7 +2324,7 @@
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"生态源 0",
|
||||
"生态源 1",
|
||||
"研究源 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -2361,7 +2361,7 @@
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
"value": "-"
|
||||
"value": "NVD NestJS"
|
||||
},
|
||||
{
|
||||
"label": "研究来源",
|
||||
@@ -2749,7 +2749,7 @@
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"生态源 0",
|
||||
"生态源 1",
|
||||
"研究源 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -2786,7 +2786,7 @@
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
"value": "-"
|
||||
"value": "NVD Ruby on Rails"
|
||||
},
|
||||
{
|
||||
"label": "研究来源",
|
||||
@@ -3259,7 +3259,7 @@
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"生态源 0",
|
||||
"生态源 1",
|
||||
"研究源 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -3296,7 +3296,7 @@
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
"value": "-"
|
||||
"value": "NVD Undici"
|
||||
},
|
||||
{
|
||||
"label": "研究来源",
|
||||
@@ -3599,7 +3599,7 @@
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"生态源 0",
|
||||
"生态源 1",
|
||||
"研究源 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -3636,7 +3636,7 @@
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
"value": "-"
|
||||
"value": "NVD esbuild"
|
||||
},
|
||||
{
|
||||
"label": "研究来源",
|
||||
@@ -3684,7 +3684,7 @@
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"生态源 0",
|
||||
"生态源 1",
|
||||
"研究源 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -3721,7 +3721,7 @@
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
"value": "-"
|
||||
"value": "NVD webpack"
|
||||
},
|
||||
{
|
||||
"label": "研究来源",
|
||||
@@ -4299,7 +4299,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"官方源 3",
|
||||
"生态源 0",
|
||||
"研究源 0"
|
||||
],
|
||||
@@ -4333,7 +4333,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "Mattermost Security Updates\nNVD Mattermost"
|
||||
"value": "Mattermost Security Updates\nNVD Mattermost\nMattermost Security Updates JSON"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
@@ -5975,7 +5975,7 @@
|
||||
},
|
||||
{
|
||||
"label": "Advisory 数",
|
||||
"value": "1498"
|
||||
"value": "2392"
|
||||
},
|
||||
{
|
||||
"label": "状态类型",
|
||||
@@ -5994,7 +5994,7 @@
|
||||
"items": [
|
||||
{
|
||||
"title": "人工分诊",
|
||||
"summary": "当前累计 1409 条。",
|
||||
"summary": "当前累计 2303 条。",
|
||||
"open": false,
|
||||
"fields": [
|
||||
{
|
||||
@@ -6003,7 +6003,7 @@
|
||||
},
|
||||
{
|
||||
"label": "数量",
|
||||
"value": "1409"
|
||||
"value": "2303"
|
||||
}
|
||||
]
|
||||
},
|
||||
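Review bot: the manual-triage count goes from 1409 to 2303, the same +894 as the advisory total (1498 to 2392), so every entry added by this refresh is waiting for a human. Add an automatic first-pass classification for the new feeds, or report new and carried-over triage items separately, so the backlog stays reviewable.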
@@ -6029,6 +6029,266 @@
|
||||
"summary": "当前 dashboard 摘要里可见的失败或人工分诊样本。",
|
||||
"open": false,
|
||||
"items": [
|
||||
{
|
||||
"title": "3.5.0.beta5: Improved admin search, AI forum research, easier site appearance configuration, and simpler plugin development",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "discourse--68e2bb93e1"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "3.4.4: Bug fix and UX release",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "discourse--615bee56ae"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "January 2026 Releases",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "discourse--321c09b9ad"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Release v2025.11.0: AI translations improvements, chat search, new review queue, and improvements for posts with images",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "discourse--5d3cafdece"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "3.4.2: Security and bug fix release",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "discourse--4222d879a1"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "3.5.0.beta2: Review Queue, Welcome Banner, Admin Interface, and more",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "discourse--703d073816"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "3.4.6: Security fix release",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "discourse--734b2c6337"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "3.5.0.beta7: Smart link editing, better invite tracking, unique icons, and fixing name management",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "discourse--0a6de28d35"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Omnissa Horizon alternative: how HAProxy solves UDP load balancing",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "haproxy--f1c3251635"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "[MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1)",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "mediawiki--9531fc3afb"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Critical - Cache poisoning - SA-CORE-2023-006",
|
||||
"summary": "无额外阻塞说明。",
|
||||
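Review bot: several sample entries added here are not advisories: "3.4.4: Bug fix and UX release" and "Omnissa Horizon alternative: how HAProxy solves UDP load balancing" are a release note and a blog post, yet each receives a 漏洞条目 (vulnerability entry) id such as `haproxy--f1c3251635`. Filter release and blog feeds for security-relevant items before creating entries, and fill 阻塞原因 (blocking reason) with why an item needs manual triage instead of "-".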
@@ -6288,266 +6548,6 @@
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Critical - Cross site scripting - SA-CORE-2025-001",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "drupal--affa7a9ea5"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "drupal--156bde9702"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "drupal--e0da564201"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "drupal--284d6aff2f"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "drupal--3144ddd947"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "drupal--454e57e9ec"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "drupal--9d2d9c684a"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Defacement - SA-CORE-2025-007",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "drupal--47ee170dd0"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "drupal--bf3b4df605"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "drupal--de8979ff41"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -90,66 +90,66 @@
|
||||
|
||||
| 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | 本地实证状态 | 浏览器证据 | run bundle | triage | 最近更新 |
|
||||
|------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------------|------------|-----------|--------|----------|
|
||||
| Adminer | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Adobe Commerce | `ecommerce` | `history-full` | `yes` | `yes` | `81` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `81` | `2025-10-23T14:51:16.013` |
|
||||
| Angular | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Apache HTTP Server | `servers` | `history-full` | `yes` | `yes` | `135` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `135` | `2025-05-22` |
|
||||
| Apache Tomcat | `servers` | `history-full` | `yes` | `yes` | `136` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `136` | `2025-04-22` |
|
||||
| ASP.NET Core | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Astro | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Caddy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Directus | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Discourse | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Django | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Drupal | `cms` | `history-full` | `yes` | `yes` | `70` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `Wed, 20 Sep 2023 16:23:05 +0000` |
|
||||
| Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Express | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Ghost | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Hapi | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Joomla | `cms` | `history-full` | `yes` | `yes` | `100` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `100` | `2025-04-03T01:03:51.193` |
|
||||
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `101` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `101` | `2025-04-20T01:37:25.860` |
|
||||
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Adminer | `platforms` | `rolling-24m` | `-` | `yes` | `2` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T00:18:44.953` |
|
||||
| Adobe Commerce | `ecommerce` | `history-full` | `yes` | `yes` | `81` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-10-23T14:51:16.013` |
|
||||
| Angular | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-17T01:31:35.828211Z` |
|
||||
| Apache HTTP Server | `servers` | `history-full` | `yes` | `yes` | `135` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-05-22` |
|
||||
| Apache Tomcat | `servers` | `history-full` | `yes` | `yes` | `136` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-22` |
|
||||
| ASP.NET Core | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-11T13:53:20.707` |
|
||||
| Astro | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-04T03:01:27.986221Z` |
|
||||
| Caddy | `servers` | `rolling-24m` | `-` | `yes` | `27` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-27T19:55:10Z` |
|
||||
| Directus | `cms` | `rolling-24m` | `-` | `yes` | `29` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Discourse | `cms` | `rolling-24m` | `-` | `yes` | `30` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `30` | `Wed, 28 May 2025 05:22:52 +0000` |
|
||||
| Django | `frameworks` | `rolling-24m` | `-` | `yes` | `82` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T21:56:20.301637Z` |
|
||||
| Drupal | `cms` | `history-full` | `yes` | `yes` | `70` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 20 Sep 2023 16:23:05 +0000` |
|
||||
| Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2024-05-20T16:03:47Z` |
|
||||
| esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-04T02:50:58.022803Z` |
|
||||
| Express | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-17T19:40:55.690` |
|
||||
| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-16T03:05:26.332715Z` |
|
||||
| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-23T23:43:45.778179Z` |
|
||||
| Ghost | `cms` | `history-full` | `yes` | `yes` | `23` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-14T10:41:18.820930Z` |
|
||||
| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `13` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `55` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Hapi | `frameworks` | `history-full` | `yes` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2020-08-31T19:00:56Z` |
|
||||
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `6` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 25 Feb 2026 14:00:00 +0000` |
|
||||
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Joomla | `cms` | `history-full` | `yes` | `yes` | `100` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-03T01:03:51.193` |
|
||||
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `41` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-26T23:36:36.294040Z` |
|
||||
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:15:34.333730Z` |
|
||||
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `89` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-20T01:37:25.860` |
|
||||
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `20` | `20` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
|
||||
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `70` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `Wed, 22 Oct 2025 21:44:43 +0000` |
|
||||
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
|
||||
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
|
||||
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` |
|
||||
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-17T16:31:34.160932Z` |
|
||||
| Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` |
|
||||
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` |
|
||||
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` |
|
||||
| OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `100` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `100` | `2025-05-15T19:15:54.980` |
|
||||
| OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `27` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `` |
|
||||
| phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `50` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` |
|
||||
| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `112` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `112` | `2025-04-12T10:46:40.837` |
|
||||
| Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `42` | `10` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `32` | `2025-05-01T18:49:06.777708Z` |
|
||||
| React | `frameworks` | `history-full` | `yes` | `yes` | `21` | `3` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `18` | `2023-11-08T04:00:21.209483Z` |
|
||||
| Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Saleor | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `50` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` |
|
||||
| Saleor | `ecommerce` | `rolling-24m` | `-` | `yes` | `24` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `24` | `` |
|
||||
| Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `71` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `71` | `2025-04-20T01:37:25.860` |
|
||||
| Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-13T21:59:19.426456Z` |
|
||||
| Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `11` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `11` | `` |
|
||||
| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `3` | `` |
|
||||
| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `26` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `26` | `` |
|
||||
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `3` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T06:27:26.115188Z` |
|
||||
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `9` | `9` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:16:14.858636Z` |
|
||||
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `43` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `2026-03-18T13:59:10.423590Z` |
|
||||
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `16` | `15` | `2` | `seeded` | `real:7/synthetic:0/blocked:0` | `0` | `7` | `1` | `2026-03-14T09:19:54.772219Z` |
|
||||
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `42` | `16` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `26` | `2026-02-04T04:37:24.129476Z` |
|
||||
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `15` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `14` | `2024-10-24T19:12:14.925352Z` |
|
||||
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-02-27T17:21:22.370` |
|
||||
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-23T23:43:27.690386Z` |
|
||||
| WooCommerce | `ecommerce` | `history-full` | `yes` | `yes` | `111` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `111` | `2025-04-20T01:37:25.860` |
|
||||
| WordPress | `cms` | `history-full` | `yes` | `yes` | `140` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `140` | `2025-04-09T00:30:58.490` |
|
||||
</pre>
|
||||
|
||||
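Review bot: the last column of the Mattermost row holds the literal string `Fix Release Date` where the other rows hold a timestamp, which looks like a column header from the upstream feed being ingested as a value. The same column also mixes ISO 8601 (`2026-03-14T10:41:18.820930Z`), RFC 2822 (`Wed, 25 Feb 2026 14:00:00 +0000`) and date-only (`2025-01-21`) forms. Normalising to one UTC format at ingest, and rejecting values that do not parse, would keep freshness comparisons across systems reliable.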
@@ -172,7 +172,8 @@
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.",
|
||||
"replacement_sources": [
|
||||
"Discourse Release Notes RSS"
|
||||
"Discourse Release Notes RSS",
|
||||
"Discourse Security RSS"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
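Review bot: `replacement_sources` gains `Discourse Security RSS`, but `retired_reason` in the same object still says only that the "Discourse release feed remains the active official source". The Spring entries in this commit update the reason together with the list; doing the same here keeps the audit text from contradicting the replacement map.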
@@ -331,6 +332,7 @@
|
||||
"kind": "html-links",
|
||||
"retired_reason": "MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.",
|
||||
"replacement_sources": [
|
||||
"MediaWiki Announce RSS",
|
||||
"NVD MediaWiki"
|
||||
],
|
||||
"url": "https://www.mediawiki.org/wiki/Security"
|
||||
@@ -341,7 +343,7 @@
|
||||
"source_name": "Moodle Security News",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.",
|
||||
"retired_reason": "Security page is reachable with a browser-style UA, but the current markup only exposes generic \"Discuss this topic\" anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.",
|
||||
"replacement_sources": [
|
||||
"NVD Moodle"
|
||||
],
|
||||
@@ -416,9 +418,10 @@
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
"Spring Security Advisories",
|
||||
"OSV Spring Boot"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
@@ -428,9 +431,10 @@
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring official page and OSV remain the active replacements.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
"Spring Security Advisories",
|
||||
"OSV Spring Framework"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
@@ -440,9 +444,10 @@
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
"Spring Security Advisories",
|
||||
"OSV Spring Security"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
|
||||
@@ -88,13 +88,13 @@
|
||||
<div class="meta">工作台内置镜像页:active/retired source、replacement map 与覆盖摘要。</div>
|
||||
<pre># Source Catalog Audit
|
||||
|
||||
- generated_at: `2026-03-18T18:09:51+00:00`
|
||||
- generated_at: `2026-03-18T21:16:34+00:00`
|
||||
- systems: `62`
|
||||
- sources: `146`
|
||||
- active_sources: `110`
|
||||
- sources: `161`
|
||||
- active_sources: `125`
|
||||
- retired_sources: `36`
|
||||
- systems_with_active_official: `62/62`
|
||||
- systems_with_machine_readable_source: `57/62`
|
||||
- systems_with_machine_readable_source: `62/62`
|
||||
|
||||
## Retired Sources
|
||||
|
||||
@@ -104,7 +104,7 @@
|
||||
- `angular` `GitHub Global Advisories` -> replacements: `OSV Angular` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
|
||||
- `astro` `GitHub Global Advisories` -> replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
|
||||
- `discourse` `Discourse Meta Security` -> replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
|
||||
- `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
|
||||
- `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS, Discourse Security RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
|
||||
- `django` `Django Security RSS` -> replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
|
||||
- `drupal` `Drupal Security Advisories Site` -> replacements: `Drupal Security Advisories RSS, GHSA Drupal Core` | reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
|
||||
- `drupal` `GHSA Drupal Core` -> replacements: `Drupal Security Advisories RSS, NVD Drupal` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
|
||||
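Review bot: the replacement map in this list still points at sources that are themselves retired. `Discourse Meta Security` names `GitHub Discourse Advisories` as a replacement and `Drupal Security Advisories Site` names `GHSA Drupal Core`, yet both of those appear as retired entries a few lines later. An audit check that every name in `replacements` resolves to an active source would catch this, and the Discourse Meta entry could now list `Discourse Security RSS` instead.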
@@ -117,16 +117,16 @@
|
||||
- `koa` `GitHub Global Advisories` -> replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
|
||||
- `laravel` `GitHub Global Advisories` -> replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
|
||||
- `mattermost` `Mattermost Security Updates` -> replacements: `NVD Mattermost` | reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
- `mediawiki` `MediaWiki Security Releases` -> replacements: `NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
|
||||
- `moodle` `Moodle Security News` -> replacements: `NVD Moodle` | reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
- `mediawiki` `MediaWiki Security Releases` -> replacements: `MediaWiki Announce RSS, NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
|
||||
- `moodle` `Moodle Security News` -> replacements: `NVD Moodle` | reason: Security page is reachable with a browser-style UA, but the current markup only exposes generic "Discuss this topic" anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.
|
||||
- `nestjs` `GitHub Global Advisories` -> replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
|
||||
- `nextjs` `GitHub Global Advisories` -> replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
|
||||
- `nuxt` `GitHub Global Advisories` -> replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
|
||||
- `rails` `GitHub Global Advisories` -> replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
|
||||
- `react` `GitHub Global Advisories` -> replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
|
||||
- `spring-boot` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
|
||||
- `spring-framework` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.
|
||||
- `spring-security` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
|
||||
- `spring-boot` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Boot` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
|
||||
- `spring-framework` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Framework` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring official page and OSV remain the active replacements.
|
||||
- `spring-security` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Security` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
|
||||
- `sveltekit` `GitHub Global Advisories` -> replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
|
||||
- `symfony` `GitHub Global Advisories` -> replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
|
||||
- `undici` `GitHub Global Advisories` -> replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
|
||||
|
||||
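Review bot: the `mattermost` entry still lists only `NVD Mattermost` as the replacement for `Mattermost Security Updates`, although this commit adds `Mattermost Security Updates JSON` as an official source in the catalog. The `mediawiki` line has a related gap: its replacements now include `MediaWiki Announce RSS`, but the reason text still reads "NVD replacement remains active". Both should be brought in line with the sources that are actually active after this change.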
@@ -232,7 +232,7 @@ systems:
|
||||
- system_id: ghost
|
||||
display_name: Ghost
|
||||
category: cms
|
||||
tier: rolling-24m
|
||||
tier: history-full
|
||||
advisory_modes: [core]
|
||||
official_sources:
|
||||
- name: Ghost GitHub Advisories
|
||||
@@ -338,7 +338,17 @@ systems:
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
|
||||
replacement_sources: [NVD MediaWiki]
|
||||
replacement_sources: [MediaWiki Announce RSS, NVD MediaWiki]
|
||||
- name: MediaWiki Announce RSS
|
||||
kind: rss-feed
|
||||
url: https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/feed/
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [mediawiki, security, cve, release]
|
||||
max_items: 80
|
||||
request_policy:
|
||||
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
|
||||
accept: application/rss+xml,application/xml;q=0.9,text/xml;q=0.8,*/*;q=0.7
|
||||
- name: NVD MediaWiki
|
||||
kind: nvd-search
|
||||
keyword: MediaWiki
|
||||
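Review bot: `keywords: [mediawiki, security, cve, release]` on the mediawiki-announce feed is very broad. If keywords are OR-matched, `mediawiki` and `release` will accept almost every post on an announcement list, so ordinary release notices get counted as advisories under `confidence: official`. Restricting the filter to `security` and `cve`, or requiring a CVE id in the item, would keep the higher `max_items: 80` from inflating the MediaWiki count.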
@@ -367,11 +377,17 @@ systems:
|
||||
url: https://moodle.org/security/
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [moodle, security]
|
||||
max_items: 50
|
||||
keywords: [moodle, security, msa-, cve-]
|
||||
max_items: 80
|
||||
status: retired
|
||||
retired_reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
retired_reason: Security page is reachable with a browser-style UA, but the current markup only exposes generic "Discuss this topic" anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.
|
||||
replacement_sources: [NVD Moodle]
|
||||
request_policy:
|
||||
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
|
||||
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
||||
parser_hints:
|
||||
include_url_patterns:
|
||||
- 'mod/forum/discuss\.php\?d='
|
||||
- name: NVD Moodle
|
||||
kind: nvd-search
|
||||
keyword: Moodle
|
||||
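Review bot: `request_policy` and `parser_hints` are added to a source that remains `status: retired`, so none of this configuration is exercised by monitoring and it can rot unnoticed. The new `retired_reason` also says the page only exposes generic "Discuss this topic" anchors; if those are the `mod/forum/discuss\.php\?d=` links that `include_url_patterns` selects, the hint collects exactly the links the reason calls unusable. Finally, the Chrome `user_agent` is there to get past the 403 the previous reason recorded; a descriptive collector UA with a contact address is easier for the site operator to allow and does not break when browser-fingerprint checks tighten.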
@@ -412,6 +428,13 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [discourse, security, cve]
|
||||
max_items: 60
|
||||
- name: Discourse Security RSS
|
||||
kind: rss-feed
|
||||
url: https://meta.discourse.org/tag/security.rss
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [security, cve, advisory, vulnerability]
|
||||
max_items: 60
|
||||
- name: GitHub Discourse Advisories
|
||||
kind: ghsa-global
|
||||
ecosystem: rubygems
|
||||
@@ -419,11 +442,15 @@ systems:
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
|
||||
replacement_sources: [Discourse Release Notes RSS]
|
||||
ecosystem_sources: []
|
||||
replacement_sources: [Discourse Release Notes RSS, Discourse Security RSS]
|
||||
ecosystem_sources:
|
||||
- name: OSV Discourse
|
||||
kind: osv-batch
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: core
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: rubygems
|
||||
- ecosystem: RubyGems
|
||||
name: discourse
|
||||
cpe_keys: []
|
||||
ghsa_keywords: [discourse]
|
||||
@@ -1123,7 +1150,13 @@ systems:
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
ecosystem_sources: []
|
||||
ecosystem_sources:
|
||||
- name: NVD Express.js
|
||||
kind: nvd-search
|
||||
keyword: Express.js
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: npm
|
||||
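Review bot: `kind: nvd-search` with a bare `keyword: Express.js` under `advisory_mode: core` will count any CVE whose description mentions the name, including third-party middleware and applications built on the framework. The schema already has `cpe_keys` (shown as `[]` on the discourse entry); matching on a CPE, or cross-checking hits against `package_names` before treating them as core, would make the new counts trustworthy. The same applies to the other keyword-only NVD sources added in this commit, such as `keyword: webpack` and `keyword: esbuild`.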
@@ -1155,7 +1188,13 @@ systems:
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
ecosystem_sources: []
|
||||
ecosystem_sources:
|
||||
- name: NVD NestJS
|
||||
kind: nvd-search
|
||||
keyword: NestJS
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: npm
|
||||
@@ -1235,7 +1274,7 @@ systems:
|
||||
- system_id: hapi
|
||||
display_name: Hapi
|
||||
category: frameworks
|
||||
tier: rolling-24m
|
||||
tier: history-full
|
||||
advisory_modes: [core]
|
||||
official_sources:
|
||||
- name: GHSA Hapi
|
||||
@@ -1313,7 +1352,13 @@ systems:
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
ecosystem_sources: []
|
||||
ecosystem_sources:
|
||||
- name: NVD Undici
|
||||
kind: nvd-search
|
||||
keyword: undici
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: npm
|
||||
@@ -1345,7 +1390,13 @@ systems:
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
ecosystem_sources: []
|
||||
ecosystem_sources:
|
||||
- name: NVD webpack
|
||||
kind: nvd-search
|
||||
keyword: webpack
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: npm
|
||||
@@ -1377,7 +1428,13 @@ systems:
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
ecosystem_sources: []
|
||||
ecosystem_sources:
|
||||
- name: NVD esbuild
|
||||
kind: nvd-search
|
||||
keyword: esbuild
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: npm
|
||||
@@ -1711,7 +1768,13 @@ systems:
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
ecosystem_sources: []
|
||||
ecosystem_sources:
|
||||
- name: NVD Ruby on Rails
|
||||
kind: nvd-search
|
||||
keyword: Ruby on Rails
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: RubyGems
|
||||
@@ -2236,6 +2299,14 @@ systems:
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
- name: Mattermost Security Updates JSON
|
||||
kind: json-feed
|
||||
url: https://securityupdates.mattermost.com/security_updates.json
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
max_items: 600
|
||||
request_policy:
|
||||
accept: application/json
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names: []
|
||||
|
||||
@@ -88,38 +88,80 @@
|
||||
<div class="meta">工作台内置镜像页:89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
|
||||
<pre># 全库 Advisory 完整度报告
|
||||
|
||||
- 生成时间: `2026-03-18T18:39:23+00:00`
|
||||
- 最新 advisory 完整度: `89/1498` `verified-real`
|
||||
- 生成时间: `2026-03-18T21:16:46+00:00`
|
||||
- 最新 advisory 完整度: `89/2392` `verified-real`
|
||||
- 合成验证数量: `0`
|
||||
- 阻塞数量: `0`
|
||||
- 人工/待补证据数量: `1409`
|
||||
- 完整度百分比: `5.9%`
|
||||
- active source 全绿: `15/15`
|
||||
- 人工/待补证据数量: `2303`
|
||||
- 完整度百分比: `3.7%`
|
||||
- active source 全绿: `125/125`
|
||||
- source open alerts: `0`
|
||||
- 最近一次 source 全绿: `2026-03-18T18:26:42+00:00`
|
||||
- 最近一次 source 全绿: `2026-03-18T21:09:25+00:00`
|
||||
|
||||
## 系统覆盖矩阵
|
||||
|
||||
| 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 |
|
||||
| --- | ---: | ---: | ---: | ---: | ---: | --- |
|
||||
| adminer | 2 | 0 | 0 | 0 | 2 | xss(0/2) |
|
||||
| adobe-commerce | 81 | 0 | 0 | 0 | 81 | xss(0/81) |
|
||||
| angular | 2 | 0 | 0 | 0 | 2 | xss(0/2) |
|
||||
| apache-httpd | 135 | 0 | 0 | 0 | 135 | authz-bypass(0/1), file-upload(0/1), proxy-boundary(0/128), ssrf(0/1), xss(0/4) |
|
||||
| apache-tomcat | 136 | 0 | 0 | 0 | 136 | authz-bypass(0/108), file-upload(0/2), path-traversal(0/3), plugin-extension(0/5), proxy-boundary(0/1), session-token(0/4), xss(0/13) |
|
||||
| aspnet-core | 3 | 0 | 0 | 0 | 3 | xss(0/3) |
|
||||
| astro | 14 | 0 | 0 | 0 | 14 | authz-bypass(0/1), file-upload(0/2), path-traversal(0/1), proxy-boundary(0/3), xss(0/7) |
|
||||
| caddy | 27 | 0 | 0 | 0 | 27 | authz-bypass(0/5), file-upload(0/1), proxy-boundary(0/21) |
|
||||
| directus | 29 | 0 | 0 | 0 | 29 | authz-bypass(0/3), file-upload(0/1), session-token(0/24), xss(0/1) |
|
||||
| discourse | 30 | 0 | 0 | 0 | 30 | xss(0/30) |
|
||||
| django | 82 | 0 | 0 | 0 | 82 | xss(0/82) |
|
||||
| drupal | 70 | 0 | 0 | 0 | 70 | xss(0/70) |
|
||||
| gitea | 37 | 37 | 0 | 0 | 0 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/26), ssrf(1/1), xss(5/5) |
|
||||
| echo | 2 | 0 | 0 | 0 | 2 | authz-bypass(0/1), ssrf(0/1) |
|
||||
| esbuild | 1 | 0 | 0 | 0 | 1 | file-upload(0/1) |
|
||||
| express | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
|
||||
| fastify | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
|
||||
| flask | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
|
||||
| ghost | 23 | 0 | 0 | 0 | 23 | xss(0/23) |
|
||||
| gin | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
|
||||
| gitea | 50 | 37 | 0 | 0 | 13 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/39), ssrf(1/1), xss(5/5) |
|
||||
| gitlab-ce | 55 | 0 | 0 | 0 | 55 | deserialization(0/55) |
|
||||
| grafana | 60 | 0 | 0 | 0 | 60 | xss(0/60) |
|
||||
| hapi | 1 | 0 | 0 | 0 | 1 | proxy-boundary(0/1) |
|
||||
| haproxy | 6 | 0 | 0 | 0 | 6 | proxy-boundary(0/6) |
|
||||
| jenkins | 60 | 0 | 0 | 0 | 60 | deserialization(0/60) |
|
||||
| joomla | 100 | 0 | 0 | 0 | 100 | xss(0/100) |
|
||||
| magento-open-source | 101 | 0 | 0 | 0 | 101 | authz-bypass(0/1), file-upload(0/3), plugin-extension(0/78), sqli(0/1), xss(0/18) |
|
||||
| kibana | 41 | 0 | 0 | 0 | 41 | xss(0/41) |
|
||||
| koa | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
|
||||
| laravel | 2 | 0 | 0 | 0 | 2 | xss(0/2) |
|
||||
| magento-open-source | 89 | 0 | 0 | 0 | 89 | authz-bypass(0/1), file-upload(0/3), plugin-extension(0/67), sqli(0/1), xss(0/17) |
|
||||
| mattermost | 20 | 0 | 0 | 0 | 20 | xss(0/20) |
|
||||
| mediawiki | 70 | 0 | 0 | 0 | 70 | xss(0/70) |
|
||||
| medusa | 15 | 0 | 0 | 0 | 15 | session-token(0/15) |
|
||||
| moodle | 40 | 0 | 0 | 0 | 40 | xss(0/40) |
|
||||
| nestjs | 2 | 0 | 0 | 0 | 2 | ssrf(0/2) |
|
||||
| nextjs | 66 | 26 | 0 | 0 | 40 | authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/55), request-smuggling(0/3), ssrf(2/2), xss(2/3) |
|
||||
| nginx | 110 | 0 | 0 | 0 | 110 | authz-bypass(0/2), proxy-boundary(0/107), sqli(0/1) |
|
||||
| nodejs | 8 | 0 | 0 | 0 | 8 | ssrf(0/8) |
|
||||
| nuxt | 28 | 0 | 0 | 0 | 28 | proxy-boundary(0/26), xss(0/2) |
|
||||
| opencart | 100 | 0 | 0 | 0 | 100 | deserialization(0/3), plugin-extension(0/69), sqli(0/12), ssrf(0/1), template-injection(0/1), xss(0/14) |
|
||||
| openmage | 27 | 0 | 0 | 0 | 27 | plugin-extension(0/22), xss(0/5) |
|
||||
| phpmyadmin | 50 | 0 | 0 | 0 | 50 | xss(0/50) |
|
||||
| prestashop | 112 | 0 | 0 | 0 | 112 | file-upload(0/1), plugin-extension(0/91), sqli(0/4), xss(0/16) |
|
||||
| rails | 42 | 0 | 0 | 0 | 42 | xss(0/42) |
|
||||
| react | 21 | 0 | 0 | 0 | 21 | xss(0/21) |
|
||||
| redmine | 50 | 0 | 0 | 0 | 50 | xss(0/50) |
|
||||
| saleor | 24 | 0 | 0 | 0 | 24 | plugin-extension(0/1), session-token(0/22), xss(0/1) |
|
||||
| shopware | 71 | 0 | 0 | 0 | 71 | authz-bypass(0/2), deserialization(0/1), plugin-extension(0/55), sqli(0/2), ssrf(0/1), xss(0/10) |
|
||||
| undici | 14 | 14 | 0 | 0 | 0 | ssrf(14/14) |
|
||||
| spring-boot | 2 | 0 | 0 | 0 | 2 | authz-bypass(0/1), proxy-boundary(0/1) |
|
||||
| spring-framework | 11 | 0 | 0 | 0 | 11 | authz-bypass(0/1), deserialization(0/9), sqli(0/1) |
|
||||
| spring-security | 3 | 0 | 0 | 0 | 3 | authz-bypass(0/1), proxy-boundary(0/2) |
|
||||
| strapi | 26 | 0 | 0 | 0 | 26 | authz-bypass(0/1), session-token(0/25) |
|
||||
| sveltekit | 3 | 0 | 0 | 0 | 3 | deserialization(0/3) |
|
||||
| symfony | 9 | 0 | 0 | 0 | 9 | xss(0/9) |
|
||||
| traefik | 43 | 0 | 0 | 0 | 43 | authz-bypass(0/3), file-upload(0/2), proxy-boundary(0/37), request-smuggling(0/1) |
|
||||
| undici | 23 | 14 | 0 | 0 | 9 | authz-bypass(0/1), ssrf(14/22) |
|
||||
| vite | 42 | 12 | 0 | 0 | 30 | proxy-boundary(11/39), xss(1/3) |
|
||||
| vue | 15 | 0 | 0 | 0 | 15 | xss(0/15) |
|
||||
| webpack | 1 | 0 | 0 | 0 | 1 | file-upload(0/1) |
|
||||
| werkzeug | 1 | 0 | 0 | 0 | 1 | proxy-boundary(0/1) |
|
||||
| woocommerce | 111 | 0 | 0 | 0 | 111 | xss(0/111) |
|
||||
| wordpress | 140 | 0 | 0 | 0 | 140 | xss(0/140) |
|
||||
|
||||
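Review bot: in the family column most of the newly added rows put every advisory of a system into a single family, for example `wordpress` `xss(0/140)`, `gitlab-ce` `deserialization(0/55)`, `jenkins` `deserialization(0/60)` and `nodejs` `ssrf(0/8)`. That looks like a per-system default rather than a per-advisory classification, and it makes the matrix read as if coverage gaps were known by vulnerability class. An explicit `unclassified` bucket for entries that have not been triaged would be more honest, especially now that the total grows from 1498 to 2392 while `verified-real` stays at 89.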
@@ -134,8 +176,8 @@
|
||||
## Ingest / Source 健康度
|
||||
|
||||
- source failures: `0`
|
||||
- active sources: `15`
|
||||
- green sources: `15`
|
||||
- active sources: `125`
|
||||
- green sources: `125`
|
||||
- open alerts: `0`
|
||||
|
||||
## 剩余风险说明
|
||||
|
||||
@@ -5956,19 +5956,27 @@
|
||||
],
|
||||
"advisory_meta": {
|
||||
"canonical_id": "undici--CVE-2026-2581",
|
||||
"title": "undici--CVE-2026-2581",
|
||||
"summary": "Derived from latest run undici-undici--CVE-2026-2581-20260318040332",
|
||||
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
|
||||
"summary": "## Impact\nThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when `interceptors.deduplicate()` is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\n## Patches\n\nThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\n\n## Workarounds\nIf upgrading immediately is not possible:\n\n- Disable `interceptors.deduplicate()` for affected clients/routes.\n- Use `skipHeaderNames` with a marker header to force high-risk requests to bypass deduplication.\n- Avoid concurrent identical requests to untrusted endpoints that may return very large/chunked bodies.\n- Apply upstream/proxy response-size and timeout limits.",
|
||||
"display_name": "Undici",
|
||||
"system_id": "undici",
|
||||
"category": "frameworks",
|
||||
"severity": null,
|
||||
"cvss_score": null,
|
||||
"exploit_status": null,
|
||||
"published_at": "2026-03-18T04:03:32+00:00",
|
||||
"updated_at": "2026-03-18T04:03:36+00:00",
|
||||
"official_source_url": "",
|
||||
"secondary_source_urls": [],
|
||||
"aliases": [],
|
||||
"severity": "medium",
|
||||
"cvss_score": 3.1,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2026-03-13T20:37:58Z",
|
||||
"updated_at": "2026-03-13T20:54:25.417862Z",
|
||||
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
|
||||
"secondary_source_urls": [
|
||||
"https://cna.openjsf.org/security-advisories.html",
|
||||
"https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
|
||||
"https://hackerone.com/reports/3513473",
|
||||
"https://github.com/nodejs/undici"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-2581",
|
||||
"GHSA-phc3-fgpg-7m6h"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
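Review bot: `cvss_score` is set to `3.1` next to `severity: "medium"`, and the same `3.1` appears on every advisory this patch touches, from `low` to `high`. That looks like the CVSS version being written into the score field. Take the base score from the advisory's vector, or leave `cvss_score` as `null` when only the version is known, so that sorting and alert thresholds on this field are not driven by a constant.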
@@ -6030,7 +6038,7 @@
|
||||
]
|
||||
},
|
||||
"reasoning_lines": [
|
||||
"Derived from latest run undici-undici--CVE-2026-2581-20260318040332",
|
||||
"## Impact\nThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when `interceptors.deduplicate()` is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\n## Patches\n\nThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\n\n## Workarounds\nIf upgrading immediately is not possible:\n\n- Disable `interceptors.deduplicate()` for affected clients/routes.\n- Use `skipHeaderNames` with a marker header to force high-risk requests to bypass deduplication.\n- Avoid concurrent identical requests to untrusted endpoints that may return very large/chunked bodies.\n- Apply upstream/proxy response-size and timeout limits.",
|
||||
"Seed local sink-only request path.",
|
||||
"Runner validates local callback using undici-style request fixture.",
|
||||
"SSRF proof endpoint confirms only local sink callbacks were performed."
|
||||
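Review bot: The first `reasoning_lines` entry is replaced with a verbatim copy of the `advisory_meta` `summary`, while the unchanged entries after it still describe an SSRF sink-callback check (`SSRF proof endpoint confirms only local sink callbacks were performed.`), which says nothing about memory growth in `interceptors.deduplicate()`. Keep the advisory text in `summary` only and make the reasoning entries state what the run validated for this advisory. The same pattern repeats in the other `reasoning_lines` hunks of this patch.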
@@ -6293,22 +6301,33 @@
|
||||
],
|
||||
"advisory_meta": {
|
||||
"canonical_id": "undici--CVE-2026-2229",
|
||||
"title": "undici--CVE-2026-2229",
|
||||
"summary": "Derived from latest run undici-undici--CVE-2026-2229-20260318040328",
|
||||
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
|
||||
"summary": "### Impact\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the `server_max_window_bits` parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range `server_max_window_bits` value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.\n\nThe vulnerability exists because:\n\n1. The `isValidClientWindowBits()` function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15\n2. The `createInflateRaw()` call is not wrapped in a try-catch block\n3. The resulting exception propagates up through the call stack and crashes the Node.js process\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_",
|
||||
"display_name": "Undici",
|
||||
"system_id": "undici",
|
||||
"category": "frameworks",
|
||||
"severity": null,
|
||||
"cvss_score": null,
|
||||
"exploit_status": null,
|
||||
"published_at": "2026-03-18T04:03:28+00:00",
|
||||
"updated_at": "2026-03-18T04:03:32+00:00",
|
||||
"official_source_url": "",
|
||||
"secondary_source_urls": [],
|
||||
"aliases": [],
|
||||
"severity": "high",
|
||||
"cvss_score": 3.1,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2026-03-13T20:41:41Z",
|
||||
"updated_at": "2026-03-13T20:54:26.149214Z",
|
||||
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
|
||||
"secondary_source_urls": [
|
||||
"https://cna.openjsf.org/security-advisories.html",
|
||||
"https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
|
||||
"https://hackerone.com/reports/3487486",
|
||||
"https://datatracker.ietf.org/doc/html/rfc7692",
|
||||
"https://github.com/nodejs/undici",
|
||||
"https://nodejs.org/api/zlib.html#class-zlibinflateraw"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-2229",
|
||||
"GHSA-v9p9-hfj2-hcw8"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
"proxy-trust-boundary",
|
||||
"plugin-extension-trust-policy"
|
||||
],
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
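Review bot: The new `summary` ends with the advisory template prompts `_Has the problem been patched? What versions should users upgrade to?_` and `_Is there a way for users to fix or remediate the vulnerability without upgrading?_`, so the record presents unanswered placeholders as patch and workaround guidance. Strip these prompts at ingest and record the patch status as unknown instead. The context lines also keep `verification_status: "verified-real"` while the topic list changes, so it would help to say what that status was verified against.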
@@ -6367,7 +6386,7 @@
|
||||
]
|
||||
},
|
||||
"reasoning_lines": [
|
||||
"Derived from latest run undici-undici--CVE-2026-2229-20260318040328",
|
||||
"### Impact\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the `server_max_window_bits` parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range `server_max_window_bits` value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.\n\nThe vulnerability exists because:\n\n1. The `isValidClientWindowBits()` function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15\n2. The `createInflateRaw()` call is not wrapped in a try-catch block\n3. The resulting exception propagates up through the call stack and crashes the Node.js process\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_",
|
||||
"Seed local sink-only request path.",
|
||||
"Runner validates local callback using undici-style request fixture.",
|
||||
"SSRF proof endpoint confirms only local sink callbacks were performed."
|
||||
@@ -6967,19 +6986,27 @@
|
||||
],
|
||||
"advisory_meta": {
|
||||
"canonical_id": "undici--CVE-2026-1528",
|
||||
"title": "undici--CVE-2026-1528",
|
||||
"summary": "Derived from latest run undici-undici--CVE-2026-1528-20260318040318",
|
||||
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
|
||||
"summary": "### Impact\nA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. \n\n### Patches\n\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nThere are no workarounds.",
|
||||
"display_name": "Undici",
|
||||
"system_id": "undici",
|
||||
"category": "frameworks",
|
||||
"severity": null,
|
||||
"cvss_score": null,
|
||||
"exploit_status": null,
|
||||
"published_at": "2026-03-18T04:03:18+00:00",
|
||||
"updated_at": "2026-03-18T04:03:23+00:00",
|
||||
"official_source_url": "",
|
||||
"secondary_source_urls": [],
|
||||
"aliases": [],
|
||||
"severity": "high",
|
||||
"cvss_score": 3.1,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2026-03-13T20:07:26Z",
|
||||
"updated_at": "2026-03-14T09:17:45.838435Z",
|
||||
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
|
||||
"secondary_source_urls": [
|
||||
"https://cna.openjsf.org/security-advisories.html",
|
||||
"https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
|
||||
"https://hackerone.com/reports/3537648",
|
||||
"https://github.com/nodejs/undici"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-1528",
|
||||
"GHSA-f269-vfmq-vjvj"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
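Review bot: `secure_code_topics` stays at `ssrf-url-validation` and `proxy-trust-boundary` in the trailing context, but the new title and summary describe a WebSocket 64-bit frame length that overflows the parser and crashes the client. Neither topic covers length validation of untrusted frames, so anyone filtering by topic will miss this entry. Retag it, as was done with the extra topic added to the CVE-2026-2229 and CVE-2026-1526 records.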
@@ -7041,7 +7068,7 @@
|
||||
]
|
||||
},
|
||||
"reasoning_lines": [
|
||||
"Derived from latest run undici-undici--CVE-2026-1528-20260318040318",
|
||||
"### Impact\nA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. \n\n### Patches\n\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nThere are no workarounds.",
|
||||
"Seed local sink-only request path.",
|
||||
"Runner validates local callback using undici-style request fixture.",
|
||||
"SSRF proof endpoint confirms only local sink callbacks were performed."
|
||||
@@ -7304,19 +7331,27 @@
|
||||
],
|
||||
"advisory_meta": {
|
||||
"canonical_id": "undici--CVE-2026-1527",
|
||||
"title": "undici--CVE-2026-1527",
|
||||
"summary": "Derived from latest run undici-undici--CVE-2026-1527-20260318040314",
|
||||
"title": "Undici has CRLF Injection in undici via `upgrade` option",
|
||||
"summary": "### Impact\n\nWhen an application passes user-controlled input to the `upgrade` option of `client.request()`, an attacker can inject CRLF sequences (`\\r\\n`) to:\n\n1. Inject arbitrary HTTP headers\n2. Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)\n\nThe vulnerability exists because undici writes the `upgrade` value directly to the socket without validating for invalid header characters:\n\n```javascript\n// lib/dispatcher/client-h1.js:1121\nif (upgrade) {\n header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n}\n```\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nSanitize the `upgrade` option string before passing to undici:\n\n```javascript\nfunction sanitizeUpgrade(value) {\n if (/[\\r\\n]/.test(value)) {\n throw new Error('Invalid upgrade value')\n }\n return value\n}\n\nclient.request({\n upgrade: sanitizeUpgrade(userInput)\n})\n```",
|
||||
"display_name": "Undici",
|
||||
"system_id": "undici",
|
||||
"category": "frameworks",
|
||||
"severity": null,
|
||||
"cvss_score": null,
|
||||
"exploit_status": null,
|
||||
"published_at": "2026-03-18T04:03:14+00:00",
|
||||
"updated_at": "2026-03-18T04:03:18+00:00",
|
||||
"official_source_url": "",
|
||||
"secondary_source_urls": [],
|
||||
"aliases": [],
|
||||
"severity": "medium",
|
||||
"cvss_score": 3.1,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2026-03-13T20:41:26Z",
|
||||
"updated_at": "2026-03-13T20:54:25.572106Z",
|
||||
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
|
||||
"secondary_source_urls": [
|
||||
"https://cna.openjsf.org/security-advisories.html",
|
||||
"https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
|
||||
"https://hackerone.com/reports/3487198",
|
||||
"https://github.com/nodejs/undici"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-1527",
|
||||
"GHSA-4992-7rv2-5pvq"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
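Review bot: The new `summary` carries multi-line Markdown from the upstream advisory, including fenced JavaScript and escaped `\\r\\n` sequences, where the field previously held a one-line string. Whatever renders this field has to treat it as untrusted external content: render the Markdown with raw HTML disabled, or escape it, and check that the doubled backslashes survive a JSON round trip so the displayed snippet still shows the literal escape sequences and not real line breaks.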
@@ -7378,7 +7413,7 @@
|
||||
]
|
||||
},
|
||||
"reasoning_lines": [
|
||||
"Derived from latest run undici-undici--CVE-2026-1527-20260318040314",
|
||||
"### Impact\n\nWhen an application passes user-controlled input to the `upgrade` option of `client.request()`, an attacker can inject CRLF sequences (`\\r\\n`) to:\n\n1. Inject arbitrary HTTP headers\n2. Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)\n\nThe vulnerability exists because undici writes the `upgrade` value directly to the socket without validating for invalid header characters:\n\n```javascript\n// lib/dispatcher/client-h1.js:1121\nif (upgrade) {\n header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n}\n```\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nSanitize the `upgrade` option string before passing to undici:\n\n```javascript\nfunction sanitizeUpgrade(value) {\n if (/[\\r\\n]/.test(value)) {\n throw new Error('Invalid upgrade value')\n }\n return value\n}\n\nclient.request({\n upgrade: sanitizeUpgrade(userInput)\n})\n```",
|
||||
"Seed local sink-only request path.",
|
||||
"Runner validates local callback using undici-style request fixture.",
|
||||
"SSRF proof endpoint confirms only local sink callbacks were performed."
|
||||
@@ -7641,22 +7676,33 @@
|
||||
],
|
||||
"advisory_meta": {
|
||||
"canonical_id": "undici--CVE-2026-1526",
|
||||
"title": "undici--CVE-2026-1526",
|
||||
"summary": "Derived from latest run undici-undici--CVE-2026-1526-20260318040309",
|
||||
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
|
||||
"summary": "## Description\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a \"decompression bomb\") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive.\n\nThe vulnerability exists in the `PerMessageDeflate.decompress()` method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.\n\n## Impact\n\n- Remote denial of service against any Node.js application using undici's WebSocket client\n- A single compressed WebSocket frame of ~6 MB can decompress to ~1 GB or more\n- Memory exhaustion occurs in native/external memory, bypassing V8 heap limits\n- No application-level mitigation is possible as decompression occurs before message delivery\n\n### Patches\n\nUsers should upgrade to fixed versions.\n\n### Workarounds\n\nNo workaround are possible.",
|
||||
"display_name": "Undici",
|
||||
"system_id": "undici",
|
||||
"category": "frameworks",
|
||||
"severity": null,
|
||||
"cvss_score": null,
|
||||
"exploit_status": null,
|
||||
"published_at": "2026-03-18T04:03:09+00:00",
|
||||
"updated_at": "2026-03-18T04:03:14+00:00",
|
||||
"official_source_url": "",
|
||||
"secondary_source_urls": [],
|
||||
"aliases": [],
|
||||
"severity": "high",
|
||||
"cvss_score": 3.1,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2026-03-13T20:41:56Z",
|
||||
"updated_at": "2026-03-13T20:54:25.563997Z",
|
||||
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
|
||||
"secondary_source_urls": [
|
||||
"https://cna.openjsf.org/security-advisories.html",
|
||||
"https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
|
||||
"https://hackerone.com/reports/3481206",
|
||||
"https://datatracker.ietf.org/doc/html/rfc7692",
|
||||
"https://github.com/nodejs/undici",
|
||||
"https://owasp.org/www-community/attacks/Denial_of_Service"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-1526",
|
||||
"GHSA-vrm6-8vpv-qv8q"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
"proxy-trust-boundary",
|
||||
"plugin-extension-trust-policy"
|
||||
],
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
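Review bot: The patch section of the new `summary` only says `Users should upgrade to fixed versions.` and names no version, and the visible fields include nothing structured for fixed versions, so this entry cannot tell an operator whether a given install is affected. Add a fixed-version field populated from `official_source_url` (the field name is up to the schema, none is visible here) and flag records where it is empty instead of presenting the free text as remediation.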
@@ -7715,7 +7761,7 @@
|
||||
]
|
||||
},
|
||||
"reasoning_lines": [
|
||||
"Derived from latest run undici-undici--CVE-2026-1526-20260318040309",
|
||||
"## Description\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a \"decompression bomb\") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive.\n\nThe vulnerability exists in the `PerMessageDeflate.decompress()` method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.\n\n## Impact\n\n- Remote denial of service against any Node.js application using undici's WebSocket client\n- A single compressed WebSocket frame of ~6 MB can decompress to ~1 GB or more\n- Memory exhaustion occurs in native/external memory, bypassing V8 heap limits\n- No application-level mitigation is possible as decompression occurs before message delivery\n\n### Patches\n\nUsers should upgrade to fixed versions.\n\n### Workarounds\n\nNo workaround are possible.",
|
||||
"Seed local sink-only request path.",
|
||||
"Runner validates local callback using undici-style request fixture.",
|
||||
"SSRF proof endpoint confirms only local sink callbacks were performed."
|
||||
@@ -7978,22 +8024,33 @@
|
||||
],
|
||||
"advisory_meta": {
|
||||
"canonical_id": "undici--CVE-2026-1525",
|
||||
"title": "undici--CVE-2026-1525",
|
||||
"summary": "Derived from latest run undici-undici--CVE-2026-1525-20260318040304",
|
||||
"title": "Undici has an HTTP Request/Response Smuggling issue",
|
||||
"summary": "### Impact\n\nUndici allows duplicate HTTP `Content-Length` headers when they are provided in an array with case-variant names (e.g., `Content-Length` and `content-length`). This produces malformed HTTP/1.1 requests with multiple conflicting `Content-Length` values on the wire.\n\n**Who is impacted:**\n - Applications using `undici.request()`, `undici.Client`, or similar low-level APIs with headers passed as flat arrays\n - Applications that accept user-controlled header names without case-normalization\n\n**Potential consequences:**\n - **Denial of Service**: Strict HTTP parsers (proxies, servers) will reject requests with duplicate `Content-Length` headers (400 Bad Request)\n - **HTTP Request Smuggling**: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\n If upgrading is not immediately possible:\n\n 1. **Validate header names**: Ensure no duplicate `Content-Length` headers (case-insensitive) are present before passing headers to undici\n 2. **Use object format**: Pass headers as a plain object (`{ 'content-length': '123' }`) rather than an array, which naturally deduplicates by key\n 3. **Sanitize user input**: If headers originate from user input, normalize header names to lowercase and reject duplicates",
|
||||
"display_name": "Undici",
|
||||
"system_id": "undici",
|
||||
"category": "frameworks",
|
||||
"severity": null,
|
||||
"cvss_score": null,
|
||||
"exploit_status": null,
|
||||
"published_at": "2026-03-18T04:03:04+00:00",
|
||||
"updated_at": "2026-03-18T04:03:09+00:00",
|
||||
"official_source_url": "",
|
||||
"secondary_source_urls": [],
|
||||
"aliases": [],
|
||||
"severity": "medium",
|
||||
"cvss_score": 3.1,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2026-03-13T20:07:03Z",
|
||||
"updated_at": "2026-03-14T09:19:54.772219Z",
|
||||
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
|
||||
"secondary_source_urls": [
|
||||
"https://cna.openjsf.org/security-advisories.html",
|
||||
"https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
|
||||
"https://hackerone.com/reports/3556037",
|
||||
"https://cwe.mitre.org/data/definitions/444.html",
|
||||
"https://github.com/nodejs/undici",
|
||||
"https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-1525",
|
||||
"GHSA-2mjp-6q6p-2qxm"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
"proxy-trust-boundary",
|
||||
"request-smuggling-boundary"
|
||||
],
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
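Review bot: `published_at` and `updated_at` switch from the `+00:00` offset form to `Z`, and `updated_at` now carries microseconds (`2026-03-14T09:19:54.772219Z`), while `generated_at` elsewhere in this commit keeps `+00:00`. Normalize to one RFC 3339 form at ingest, since string comparison or sorting across mixed forms can misorder records. The meaning of `published_at` also changes here from run time to advisory publication time, which deserves a line in the schema notes.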
@@ -8052,7 +8109,7 @@
|
||||
]
|
||||
},
|
||||
"reasoning_lines": [
|
||||
"Derived from latest run undici-undici--CVE-2026-1525-20260318040304",
|
||||
"### Impact\n\nUndici allows duplicate HTTP `Content-Length` headers when they are provided in an array with case-variant names (e.g., `Content-Length` and `content-length`). This produces malformed HTTP/1.1 requests with multiple conflicting `Content-Length` values on the wire.\n\n**Who is impacted:**\n - Applications using `undici.request()`, `undici.Client`, or similar low-level APIs with headers passed as flat arrays\n - Applications that accept user-controlled header names without case-normalization\n\n**Potential consequences:**\n - **Denial of Service**: Strict HTTP parsers (proxies, servers) will reject requests with duplicate `Content-Length` headers (400 Bad Request)\n - **HTTP Request Smuggling**: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\n If upgrading is not immediately possible:\n\n 1. **Validate header names**: Ensure no duplicate `Content-Length` headers (case-insensitive) are present before passing headers to undici\n 2. **Use object format**: Pass headers as a plain object (`{ 'content-length': '123' }`) rather than an array, which naturally deduplicates by key\n 3. **Sanitize user input**: If headers originate from user input, normalize header names to lowercase and reject duplicates",
|
||||
"Seed local sink-only request path.",
|
||||
"Runner validates local callback using undici-style request fixture.",
|
||||
"SSRF proof endpoint confirms only local sink callbacks were performed."
|
||||
@@ -10000,19 +10057,26 @@
|
||||
],
|
||||
"advisory_meta": {
|
||||
"canonical_id": "undici--CVE-2022-32210",
|
||||
"title": "undici--CVE-2022-32210",
|
||||
"summary": "Derived from latest run undici-undici--CVE-2022-32210-20260318040238",
|
||||
"title": "ProxyAgent vulnerable to MITM",
|
||||
"summary": "### Description\n\n`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.\n\n### Impact\n\nThis affects all use of HTTPS via HTTP proxy using **`Undici.ProxyAgent`** with Undici or Node's global `fetch`. In this case, it removes all HTTPS security from all requests sent using Undici's `ProxyAgent`, allowing trivial MitM attacks by anybody on the network path between the client and the target server (local network users, your ISP, the proxy, the target server's ISP, etc).\nThis less seriously affects HTTPS via HTTPS proxies. When you send HTTPS via a proxy to a remote server, the proxy can freely view or modify all HTTPS traffic unexpectedly (but only the proxy). \n\n### Patches\n\nThis issue was patched in Undici v5.5.1.\n\n### Workarounds\n\nAt the time of writing, the only workaround is to not use `ProxyAgent` as a dispatcher for TLS Connections.",
|
||||
"display_name": "Undici",
|
||||
"system_id": "undici",
|
||||
"category": "frameworks",
|
||||
"severity": null,
|
||||
"cvss_score": null,
|
||||
"exploit_status": null,
|
||||
"published_at": "2026-03-18T04:02:38+00:00",
|
||||
"updated_at": "2026-03-18T04:02:42+00:00",
|
||||
"official_source_url": "",
|
||||
"secondary_source_urls": [],
|
||||
"aliases": [],
|
||||
"severity": "low",
|
||||
"cvss_score": 3.1,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2022-06-17T01:02:29Z",
|
||||
"updated_at": "2026-03-13T22:15:23.541247Z",
|
||||
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33",
|
||||
"secondary_source_urls": [
|
||||
"https://nvd.nist.gov/vuln/detail/CVE-2022-32210",
|
||||
"https://hackerone.com/reports/1583680",
|
||||
"https://github.com/nodejs/undici"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2022-32210",
|
||||
"GHSA-pgw7-wx7w-2w33"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
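Review bot: `severity` is set to `low` on a record whose summary says the issue "removes all HTTPS security from all requests" sent through `ProxyAgent`, again with `cvss_score: 3.1`. Confirm the severity against `official_source_url` instead of a default mapping. Also note that `published_at` moves from the 2026 run time to `2022-06-17T01:02:29Z`, so any view of recent advisories keyed on this field will change.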
@@ -10074,7 +10138,7 @@
|
||||
]
|
||||
},
|
||||
"reasoning_lines": [
|
||||
"Derived from latest run undici-undici--CVE-2022-32210-20260318040238",
|
||||
"### Description\n\n`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.\n\n### Impact\n\nThis affects all use of HTTPS via HTTP proxy using **`Undici.ProxyAgent`** with Undici or Node's global `fetch`. In this case, it removes all HTTPS security from all requests sent using Undici's `ProxyAgent`, allowing trivial MitM attacks by anybody on the network path between the client and the target server (local network users, your ISP, the proxy, the target server's ISP, etc).\nThis less seriously affects HTTPS via HTTPS proxies. When you send HTTPS via a proxy to a remote server, the proxy can freely view or modify all HTTPS traffic unexpectedly (but only the proxy). \n\n### Patches\n\nThis issue was patched in Undici v5.5.1.\n\n### Workarounds\n\nAt the time of writing, the only workaround is to not use `ProxyAgent` as a dispatcher for TLS Connections.",
|
||||
"Seed local sink-only request path.",
|
||||
"Runner validates local callback using undici-style request fixture.",
|
||||
"SSRF proof endpoint confirms only local sink callbacks were performed."
|
||||
|
||||