hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 2531 个文件 - 2026-03-17 21:00:03

浏览代码
这个提交包含在:
hao
2026-03-17 21:00:04 -07:00
父节点 a3edc88834
当前提交 080e55a98c
修改 2531 个文件,包含 135521 行新增3725 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

605
08-threat-intel/generated/dashboard/architecture.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-18T01:29:52+00:00",
"generated_at": "2026-03-18T03:59:28+00:00",
"title": "\u5f53\u524d\u67b6\u6784\u5e93",
"summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
"sections": [
@@ -27,11 +27,11 @@
},
{
"label": "\u5f53\u524d\u8fd0\u884c",
"value": "11"
"value": "114"
},
{
"label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
"value": "80"
"value": "89"
}
],
"fields": [
@@ -49,7 +49,7 @@
},
{
"label": "\u751f\u6210\u65f6\u95f4",
"value": "2026-03-18T01:29:52+00:00"
"value": "2026-03-18T03:59:28+00:00"
}
],
"links": [
@@ -243,6 +243,11 @@
"href": "/docs/frontend-dashboard-design.html",
"description": "\u5f53\u524d\u672c\u5730\u5de5\u4f5c\u53f0\u7684\u4ea4\u4e92\u4e0e\u89c6\u89c9\u89c4\u8303\u3002"
},
{
"label": "\u5b8c\u6574\u5ea6\u62a5\u544a",
"href": "/docs/testing-completeness-report.html",
"description": "89 \u6761 advisory \u7684\u6700\u65b0\u5b8c\u6574\u5ea6\u4e2d\u6587\u62a5\u544a\u3002"
},
{
"label": "\u5b89\u5168\u7f16\u7801\u7d22\u5f15",
"href": "/docs/secure-code-index.html",
@@ -288,6 +293,11 @@
"href": "/summary.json",
"description": "\u5168\u5c40\u6458\u8981\u3001\u72b6\u6001\u5206\u5e03\u548c\u6700\u8fd1\u5931\u8d25\u3002"
},
{
"label": "completeness.json",
"href": "/data/completeness.json",
"description": "\u6700\u65b0 advisory \u5b8c\u6574\u5ea6\u3001\u7cfb\u7edf/family \u8fdb\u5ea6\u4e0e ingest \u5065\u5eb7\u5ea6\u3002"
},
{
"label": "runs.json",
"href": "/runs.json",
@@ -5843,19 +5853,19 @@
"stats": [
{
"label": "Run \u6570",
"value": "11"
"value": "114"
},
{
"label": "Advisory \u6570",
"value": "80"
"value": "89"
},
{
"label": "\u72b6\u6001\u7c7b\u578b",
"value": "3"
"value": "2"
},
{
"label": "\u6700\u8fd1\u5931\u8d25",
"value": "3"
"value": "20"
}
],
"items": [
@@ -5866,7 +5876,7 @@
"items": [
{
"title": "\u771f\u5b9e\u7248\u672c\u5df2\u5b9e\u8bc1",
"summary": "\u5f53\u524d\u7d2f\u8ba1 8 \u6761\u3002",
"summary": "\u5f53\u524d\u7d2f\u8ba1 67 \u6761\u3002",
"open": false,
"fields": [
{
@@ -5875,28 +5885,13 @@
},
{
"label": "\u6570\u91cf",
"value": "8"
}
]
},
{
"title": "\u5236\u54c1\u963b\u585e",
"summary": "\u5f53\u524d\u7d2f\u8ba1 2 \u6761\u3002",
"open": false,
"fields": [
{
"label": "\u72b6\u6001\u7f16\u7801",
"value": "blocked-artifact"
},
{
"label": "\u6570\u91cf",
"value": "2"
"value": "67"
}
]
},
{
"title": "\u4eba\u5de5\u5206\u8bca",
"summary": "\u5f53\u524d\u7d2f\u8ba1 1 \u6761\u3002",
"summary": "\u5f53\u524d\u7d2f\u8ba1 22 \u6761\u3002",
"open": false,
"fields": [
{
@@ -5905,7 +5900,7 @@
},
{
"label": "\u6570\u91cf",
"value": "1"
"value": "22"
}
]
}
@@ -5917,60 +5912,8 @@
"open": false,
"items": [
{
"title": "gitea--CVE-2025-68939",
"summary": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"open": false,
"badges": [
"\u5236\u54c1\u963b\u585e"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "gitea-livecheck-20260316"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "gitea--CVE-2025-68939"
},
{
"label": "\u72b6\u6001",
"value": "\u5236\u54c1\u963b\u585e"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
}
]
},
{
"title": "gitea--CVE-2025-68939",
"summary": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"open": false,
"badges": [
"\u5236\u54c1\u963b\u585e"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "gitea-gitea--CVE-2025-68939-20260317063330"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "gitea--CVE-2025-68939"
},
{
"label": "\u72b6\u6001",
"value": "\u5236\u54c1\u963b\u585e"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
}
]
},
{
"title": "nextjs--CVE-2025-29927",
"summary": "dry-run only",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
@@ -5978,11 +5921,11 @@
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "nextjs-nextjs--CVE-2025-29927-20260317063047"
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "nextjs--CVE-2025-29927"
"value": "undici--CVE-2026-1525"
},
{
"label": "\u72b6\u6001",
@@ -5990,7 +5933,501 @@
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "dry-run only"
"value": "-"
}
]
},
{
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-1528"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "ProxyAgent vulnerable to MITM",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2022-32210"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-2229"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-1527"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-1526"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-2581"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "undici Denial of Service attack via bad certificate data",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2025-47279"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-31125"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite's `server.fs` settings were not applied to HTML files",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-58752"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite middleware may serve files starting with the same name with the public directory",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-58751"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "vite allows server.fs.deny bypass via backslash on Windows",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-62522"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-32395"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2024-45811"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-31486"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite's server.fs.deny bypassed with /. for files under project root",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-46565"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite bypasses server.fs.deny when using ?raw??",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-30208"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-22036"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2023-45143"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Use of Insufficiently Random Values in undici",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2025-22150"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
}