更新: 2531 个文件 - 2026-03-17 21:00:03

08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json

@@ -0,0 +1,82 @@
+{
+  "canonical_id": "gitea--CVE-2018-15192",
+  "system_id": "gitea",
+  "display_name": "Gitea",
+  "category": "platforms",
+  "advisory_mode": "core",
+  "title": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
+  "summary": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
+  "published_at": "2024-08-20T20:32:20Z",
+  "updated_at": "2026-03-03T04:54:04.686907Z",
+  "severity": "unknown",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/advisories/GHSA-fg3x-rwq9-74cw",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2018-15192",
+    "https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9",
+    "https://github.com/go-gitea/gitea/issues/4624",
+    "https://github.com/go-gitea/gitea/pull/17482",
+    "https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b",
+    "https://github.com/gogs/gogs/issues/5366",
+    "https://github.com/gogs/gogs/pull/6002"
+  ],
+  "aliases": [
+    "CVE-2018-15192",
+    "GHSA-fg3x-rwq9-74cw",
+    "GO-2023-1971"
+  ],
+  "cve_ids": [
+    "CVE-2018-15192"
+  ],
+  "ghsa_ids": [
+    "GHSA-fg3x-rwq9-74cw"
+  ],
+  "osv_ids": [
+    "GO-2023-1971"
+  ],
+  "affected_versions": [
+    "introduced=0, fixed<1.16.0-rc1",
+    "introduced=0, fixed<0.12.0"
+  ],
+  "fixed_versions": [
+    "1.16.0-rc1",
+    "0.12.0"
+  ],
+  "package_name": "code.gitea.io/gitea",
+  "render_markdown": true,
+  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "token-cookie-storage",
+    "proxy-trust-boundary",
+    "ssrf-url-validation"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:27:54+00:00",
+  "last_run_id": "gitea-gitea--CVE-2018-15192-20260318012749",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749",
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "gitea-authz-bypass",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json

@@ -0,0 +1,99 @@
+{
+  "canonical_id": "gitea--CVE-2018-18926",
+  "system_id": "gitea",
+  "display_name": "Gitea",
+  "category": "platforms",
+  "advisory_mode": "core",
+  "title": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
+  "summary": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
+  "published_at": "2024-08-21T15:29:04Z",
+  "updated_at": "2026-03-03T04:52:20.787387Z",
+  "severity": "unknown",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/advisories/GHSA-hf6f-jq25-8gq9",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2018-18926",
+    "https://github.com/go-gitea/gitea/commit/aeb5655c25053bdcd7eee94ea37df88468374162",
+    "https://github.com/go-gitea/gitea/issues/5140",
+    "https://github.com/go-gitea/gitea/pull/5177"
+  ],
+  "aliases": [
+    "CVE-2018-18926",
+    "GHSA-hf6f-jq25-8gq9",
+    "GO-2022-0844"
+  ],
+  "cve_ids": [
+    "CVE-2018-18926"
+  ],
+  "ghsa_ids": [
+    "GHSA-hf6f-jq25-8gq9"
+  ],
+  "osv_ids": [
+    "GO-2022-0844"
+  ],
+  "affected_versions": [
+    "introduced=0, fixed<1.5.2"
+  ],
+  "fixed_versions": [
+    "1.5.2"
+  ],
+  "package_name": "code.gitea.io/gitea",
+  "render_markdown": true,
+  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "token-cookie-storage",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:25:45+00:00",
+  "last_run_id": "gitea-gitea--CVE-2018-18926-20260318012526",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526",
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Proxy Boundary Fixture",
+    "proof_title": "Gitea Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "gitea-authz-bypass",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json

@@ -0,0 +1,98 @@
+{
+  "canonical_id": "gitea--CVE-2019-1010261",
+  "system_id": "gitea",
+  "display_name": "Gitea",
+  "category": "platforms",
+  "advisory_mode": "core",
+  "title": "Gitea XSS Vulnerability in code.gitea.io/gitea",
+  "summary": "Gitea XSS Vulnerability in code.gitea.io/gitea",
+  "published_at": "2024-08-20T20:31:38Z",
+  "updated_at": "2026-03-03T04:53:57.848904Z",
+  "severity": "unknown",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/advisories/GHSA-5rh7-6gfj-mc87",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2019-1010261",
+    "https://github.com/go-gitea/gitea/pull/5905"
+  ],
+  "aliases": [
+    "CVE-2019-1010261",
+    "GHSA-5rh7-6gfj-mc87",
+    "GO-2023-1922"
+  ],
+  "cve_ids": [
+    "CVE-2019-1010261"
+  ],
+  "ghsa_ids": [
+    "GHSA-5rh7-6gfj-mc87"
+  ],
+  "osv_ids": [
+    "GO-2023-1922"
+  ],
+  "affected_versions": [
+    "introduced=0, fixed<1.7.1"
+  ],
+  "fixed_versions": [
+    "1.7.1"
+  ],
+  "package_name": "code.gitea.io/gitea",
+  "render_markdown": true,
+  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "token-cookie-storage",
+    "proxy-trust-boundary",
+    "xss-output-encoding"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:26:30+00:00",
+  "last_run_id": "gitea-gitea--CVE-2019-1010261-20260318012624",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624",
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Stored XSS Fixture",
+    "proof_title": "Gitea Stored XSS Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "gitea-authz-bypass",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json

@@ -0,0 +1,100 @@
+{
+  "canonical_id": "gitea--CVE-2020-13246",
+  "system_id": "gitea",
+  "display_name": "Gitea",
+  "category": "platforms",
+  "advisory_mode": "core",
+  "title": "Denial of Service in Gitea in code.gitea.io/gitea",
+  "summary": "Denial of Service in Gitea in code.gitea.io/gitea",
+  "published_at": "2024-08-21T15:29:04Z",
+  "updated_at": "2026-03-03T04:52:17.939867Z",
+  "severity": "unknown",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/advisories/GHSA-g2qx-6ghw-67hm",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2020-13246",
+    "https://github.com/go-gitea/gitea/issues/10549",
+    "https://github.com/go-gitea/gitea/pull/11438",
+    "https://www.youtube.com/watch?v=DmVgADSVS88"
+  ],
+  "aliases": [
+    "BIT-gitea-2020-13246",
+    "CVE-2020-13246",
+    "GHSA-g2qx-6ghw-67hm",
+    "GO-2022-0830"
+  ],
+  "cve_ids": [
+    "CVE-2020-13246"
+  ],
+  "ghsa_ids": [
+    "GHSA-g2qx-6ghw-67hm"
+  ],
+  "osv_ids": [
+    "GO-2022-0830"
+  ],
+  "affected_versions": [
+    "introduced=0, fixed<1.12.0"
+  ],
+  "fixed_versions": [
+    "1.12.0"
+  ],
+  "package_name": "code.gitea.io/gitea",
+  "render_markdown": true,
+  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "token-cookie-storage",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:28:13+00:00",
+  "last_run_id": "gitea-gitea--CVE-2020-13246-20260318012806",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806",
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Proxy Boundary Fixture",
+    "proof_title": "Gitea Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "gitea-authz-bypass",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json

@@ -0,0 +1,102 @@
+{
+  "canonical_id": "gitea--CVE-2021-28378",
+  "system_id": "gitea",
+  "display_name": "Gitea",
+  "category": "platforms",
+  "advisory_mode": "core",
+  "title": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
+  "summary": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
+  "published_at": "2024-08-21T15:29:04Z",
+  "updated_at": "2026-03-03T04:52:18.307544Z",
+  "severity": "unknown",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/advisories/GHSA-g95p-88p4-76cm",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2021-28378",
+    "https://blog.gitea.io/2021/03/gitea-1.13.4-is-released",
+    "https://github.com/PandatiX/CVE-2021-28378",
+    "https://github.com/go-gitea/gitea/pull/14898",
+    "https://github.com/go-gitea/gitea/pull/14899"
+  ],
+  "aliases": [
+    "BIT-gitea-2021-28378",
+    "CVE-2021-28378",
+    "GHSA-g95p-88p4-76cm",
+    "GO-2022-0832"
+  ],
+  "cve_ids": [
+    "CVE-2021-28378"
+  ],
+  "ghsa_ids": [
+    "GHSA-g95p-88p4-76cm"
+  ],
+  "osv_ids": [
+    "GO-2022-0832"
+  ],
+  "affected_versions": [
+    "introduced=0, fixed<1.13.4"
+  ],
+  "fixed_versions": [
+    "1.13.4"
+  ],
+  "package_name": "code.gitea.io/gitea",
+  "render_markdown": true,
+  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "token-cookie-storage",
+    "proxy-trust-boundary",
+    "xss-output-encoding"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:28:19+00:00",
+  "last_run_id": "gitea-gitea--CVE-2021-28378-20260318012813",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813",
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Stored XSS Fixture",
+    "proof_title": "Gitea Stored XSS Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "gitea-authz-bypass",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/gitea--CVE-2021-29134.json

@@ -54,23 +54,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2021-3382.json

@@ -51,23 +51,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2021-45327.json

@@ -57,23 +57,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2021-45330.json

@@ -52,23 +52,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2021-45331.json

@@ -52,23 +52,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2022-0905.json

@@ -53,23 +53,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2022-1058.json

@@ -54,23 +54,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2022-1928.json

@@ -56,23 +56,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "xss-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2022-27313.json

@@ -52,23 +52,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2022-30781.json

@@ -55,23 +55,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2022-38183.json

@@ -54,23 +54,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2022-38795.json

@@ -53,23 +53,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2022-42968.json

@@ -53,23 +53,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2025-68938.json

@@ -53,23 +53,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json

@@ -0,0 +1,74 @@
+{
+  "canonical_id": "gitea--CVE-2025-68939",
+  "system_id": "gitea",
+  "display_name": "Gitea",
+  "category": "platforms",
+  "advisory_mode": "core",
+  "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
+  "summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
+  "published_at": "2025-12-30T01:49:57Z",
+  "updated_at": "2026-03-03T04:57:48.777563Z",
+  "severity": "unknown",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
+    "https://blog.gitea.com/release-of-1.23.0",
+    "https://github.com/go-gitea/gitea/pull/32151",
+    "https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
+  ],
+  "aliases": [
+    "BIT-gitea-2025-68939",
+    "CVE-2025-68939",
+    "GHSA-263q-5cv3-xq9g",
+    "GO-2025-4261"
+  ],
+  "cve_ids": [
+    "CVE-2025-68939"
+  ],
+  "ghsa_ids": [
+    "GHSA-263q-5cv3-xq9g"
+  ],
+  "osv_ids": [
+    "GO-2025-4261"
+  ],
+  "affected_versions": [
+    "introduced=0"
+  ],
+  "fixed_versions": null,
+  "package_name": "code.gitea.io/gitea",
+  "render_markdown": true,
+  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "token-cookie-storage",
+    "proxy-trust-boundary",
+    "plugin-extension-trust-policy"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "blocked-artifact",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-17T07:02:56+00:00",
+  "last_run_id": "gitea-livecheck-20260316",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
+  "browser_evidence": {
+    "required": true,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null
+  },
+  "repro_profile_id": "gitea-authz-bypass",
+  "artifact_mode": "official-image",
+  "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json

@@ -0,0 +1,77 @@
+{
+  "canonical_id": "gitea--CVE-2025-68940",
+  "system_id": "gitea",
+  "display_name": "Gitea",
+  "category": "platforms",
+  "advisory_mode": "core",
+  "title": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
+  "summary": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
+  "published_at": "2025-12-30T01:49:57Z",
+  "updated_at": "2026-03-03T04:57:50.087298Z",
+  "severity": "unknown",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/advisories/GHSA-rrcw-5rjv-vj26",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-68940",
+    "https://blog.gitea.com/release-of-1.22.5",
+    "https://github.com/go-gitea/gitea/pull/32654",
+    "https://github.com/go-gitea/gitea/releases/tag/v1.22.5"
+  ],
+  "aliases": [
+    "BIT-gitea-2025-68940",
+    "CVE-2025-68940",
+    "GHSA-rrcw-5rjv-vj26",
+    "GO-2025-4267"
+  ],
+  "cve_ids": [
+    "CVE-2025-68940"
+  ],
+  "ghsa_ids": [
+    "GHSA-rrcw-5rjv-vj26"
+  ],
+  "osv_ids": [
+    "GO-2025-4267"
+  ],
+  "affected_versions": [
+    "introduced=0, fixed<1.22.5"
+  ],
+  "fixed_versions": [
+    "1.22.5"
+  ],
+  "package_name": "code.gitea.io/gitea",
+  "render_markdown": true,
+  "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "token-cookie-storage",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:27:12+00:00",
+  "last_run_id": "gitea-gitea--CVE-2025-68940-20260318012708",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708",
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "gitea-authz-bypass",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/gitea--CVE-2025-68941.json

@@ -53,23 +53,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2025-68942.json

@@ -54,23 +54,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "xss-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2025-68943.json

@@ -53,23 +53,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2025-68944.json

@@ -54,23 +54,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "authz-bypass-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2025-68945.json

@@ -53,23 +53,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2025-68946.json

@@ -54,23 +54,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "xss-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2025-69413.json

@@ -54,23 +54,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2026-0798.json

@@ -55,23 +55,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2026-20736.json

@@ -57,23 +57,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "authz-bypass-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2026-20750.json

@@ -57,23 +57,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2026-20800.json

@@ -56,23 +56,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2026-20883.json

@@ -57,23 +57,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2026-20888.json

@@ -56,23 +56,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2026-20897.json

@@ -57,23 +57,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2026-20904.json

@@ -57,23 +57,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/gitea--CVE-2026-20912.json

@@ -57,23 +57,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "file-upload-generic",
+  "repro_profile_id": "gitea-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Gitea"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json

@@ -0,0 +1,95 @@
+{
+  "canonical_id": "nextjs--CVE-2020-15242",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Open Redirect in Next.js versions",
+  "summary": "Open Redirect in Next.js versions",
+  "published_at": "2020-10-08T19:28:07Z",
+  "updated_at": "2026-03-13T22:14:13.665535Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2020-15242",
+    "https://github.com/vercel/next.js",
+    "https://github.com/zeit/next.js/releases/tag/v9.5.4"
+  ],
+  "aliases": [
+    "CVE-2020-15242",
+    "GHSA-x56p-c8cg-q435"
+  ],
+  "cve_ids": [
+    "CVE-2020-15242"
+  ],
+  "ghsa_ids": [
+    "GHSA-x56p-c8cg-q435"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=9.5.0, fixed<9.5.4"
+  ],
+  "fixed_versions": [
+    "9.5.4"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:28:37+00:00",
+  "last_run_id": "nextjs-nextjs--CVE-2020-15242-20260318012830",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830",
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
+    ],
+    "baseline_title": "Next.js Proxy Boundary Fixture",
+    "proof_title": "Next.js Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--CVE-2020-5284.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "Directory Traversal in Next.js",
-  "summary": "### Impact\n\n- **Not affected**: Deployments on ZEIT Now v2 ([https://zeit.co](https://zeit.co/)) are not affected\n- **Not affected**: Deployments using the `serverless` target\n- **Not affected**: Deployments using `next export`\n- **Affected**: Users of Next.js below 9.3.2\n\nWe recommend everyone to upgrade regardless of whether you can reproduce the issue or not.\n\n### Patches\n\nhttps://github.com/zeit/next.js/releases/tag/v9.3.2\n\n### References\n\nhttps://github.com/zeit/next.js/releases/tag/v9.3.2",
+  "summary": "Directory Traversal in Next.js",
   "published_at": "2020-03-30T20:40:50Z",
   "updated_at": "2025-09-26T17:49:56Z",
   "severity": "low",
-  "cvss_score": 3.1,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj",
@@ -28,9 +28,7 @@
   "ghsa_ids": [
     "GHSA-fq77-7p7r-83rj"
   ],
-  "osv_ids": [
-    "GHSA-fq77-7p7r-83rj"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "introduced=0.9.9, fixed<9.3.2"
   ],
@@ -51,23 +49,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "nextjs-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2021-37699.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "Open Redirect in Next.js",
-  "summary": "Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when `pages/_error.js` was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although it can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain.\n\n### Impact\n\n- **Affected:** Users of Next.js between `10.0.5` and `10.2.0`\n- **Affected:** Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` without `getInitialProps`\n- **Affected:** Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` and `next export`\n- **Not affected**: Deployments on Vercel ([vercel.com](https://vercel.com)) are not affected\n- **Not affected:** Deployments **with** `pages/404.js`\n- Note that versions prior to 0.9.9 package `next` npm package hosted a different utility (0.4.1 being the latest version of that codebase), and this advisory does not apply to those versions.\n\nWe recommend upgrading to the latest version of Next.js to improve the overall security of your application.\n\n### Patches\n\nhttps://github.com/vercel/next.js/releases/tag/v11.1.0",
+  "summary": "Open Redirect in Next.js",
   "published_at": "2021-08-12T14:51:14Z",
   "updated_at": "2026-03-13T22:00:08.038285Z",
   "severity": "low",
-  "cvss_score": 3.1,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5-wxwp-m7g9",
@@ -28,9 +28,7 @@
   "ghsa_ids": [
     "GHSA-vxf5-wxwp-m7g9"
   ],
-  "osv_ids": [
-    "GHSA-vxf5-wxwp-m7g9"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "introduced=0.9.9, fixed<11.1.0"
   ],
@@ -51,23 +49,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "nextjs-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2021-39178.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "XSS in Image Optimization API for Next.js",
-  "summary": "### Impact\n- **Affected:** All of the following must be true to be affected\n    - Next.js between version 10.0.0 and 11.1.0\n    - The `next.config.js` file has [`images.domains`](https://nextjs.org/docs/basic-features/image-optimization#domains) array assigned\n    - The image host assigned in [`images.domains`](https://nextjs.org/docs/basic-features/image-optimization#domains) allows user-provided SVG\n- **Not affected**: The `next.config.js` file has [`images.loader`](https://nextjs.org/docs/basic-features/image-optimization#loader) assigned to something other than default\n- **Not affected**: Deployments on [Vercel](https://vercel.com) are not affected\n\n### Patches\n[Next.js v11.1.1](https://github.com/vercel/next.js/releases/tag/v11.1.1)\n\n",
+  "summary": "XSS in Image Optimization API for Next.js",
   "published_at": "2021-09-01T18:24:22Z",
   "updated_at": "2026-03-13T22:00:20.154452Z",
   "severity": "low",
-  "cvss_score": 3.1,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3-7897-pp7m",
@@ -30,9 +30,7 @@
   "ghsa_ids": [
     "GHSA-9gr3-7897-pp7m"
   ],
-  "osv_ids": [
-    "GHSA-9gr3-7897-pp7m"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "introduced=10.0.0, fixed<11.1.1"
   ],
@@ -50,26 +48,51 @@
   ],
   "status": "generated",
   "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:30:38+00:00",
+  "last_run_id": "nextjs-nextjs--CVE-2021-39178-20260318013032",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032",
   "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-page.json"
+    ],
+    "baseline_title": "Next.js XSS Fixture",
+    "proof_title": "Next.js XSS Fixture - proof",
+    "error_kind": null,
+    "reason": null
   },
-  "repro_profile_id": "xss-generic",
-  "artifact_mode": "synthetic",
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "local-fixture",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2021-43803.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "Unexpected server crash in Next.js.",
-  "summary": "Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue. Note that prior version 0.9.9 package `next` hosted a different utility (0.4.1 being the latest version of that codebase), and this advisory does not apply to those versions. ",
+  "summary": "Unexpected server crash in Next.js.",
   "published_at": "2021-12-07T21:12:09Z",
   "updated_at": "2026-03-13T22:00:36.554552Z",
   "severity": "low",
-  "cvss_score": 3.1,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx",
@@ -31,9 +31,7 @@
   "ghsa_ids": [
     "GHSA-25mp-g6fv-mqxx"
   ],
-  "osv_ids": [
-    "GHSA-25mp-g6fv-mqxx"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "introduced=12.0.0, fixed<12.0.5",
     "introduced=0.9.9, fixed<11.1.3"
@@ -56,23 +54,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "nextjs-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "Next.js Server-Side Request Forgery in Server Actions",
-  "summary": "### Impact\nA Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.\n\n#### Prerequisites\n* Next.js (`<14.1.1`) is running in a self-hosted* manner.\n* The Next.js application makes use of Server Actions.\n* The Server Action performs a redirect to a relative path which starts with a `/`.\n\n\\* Many hosting providers (including Vercel) route requests based on the Host header, so we do not believe that this vulnerability affects any Next.js applications where routing is done in this manner.\n\n### Patches\nThis vulnerability was patched in [#62561](https://github.com/vercel/next.js/pull/62561) and fixed in Next.js `14.1.1`.\n \n### Workarounds\nThere are no official workarounds for this vulnerability. We recommend upgrading to Next.js `14.1.1`.\n\n### Credit\nVercel and the Next.js team thank Assetnote for responsibly disclosing this issue to us, and for working with us to verify the fix. Thanks to:\n\nAdam Kues - Assetnote\nShubham Shah - Assetnote",
+  "summary": "Next.js Server-Side Request Forgery in Server Actions",
   "published_at": "2024-05-09T21:18:57Z",
   "updated_at": "2026-02-04T03:32:36.434669Z",
   "severity": "low",
-  "cvss_score": 3.1,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
@@ -29,9 +29,7 @@
   "ghsa_ids": [
     "GHSA-fr5h-rqp8-mj6g"
   ],
-  "osv_ids": [
-    "GHSA-fr5h-rqp8-mj6g"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "introduced=13.4.0, fixed<14.1.1"
   ],
@@ -57,20 +55,20 @@
   "browser_evidence": {
     "required": false,
     "present": false,
-    "refs": []
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
   },
-  "repro_profile_id": "nextjs-ssrf",
+  "repro_profile_id": "nextjs-authz-bypass",
   "artifact_mode": "local-fixture",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
-  },
-  "historical_status": "verified-real",
-  "latest_status": "verified-real"
+  }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2024-46982.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "Next.js Cache Poisoning",
-  "summary": "### Impact\n\nBy sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. \n\nTo be potentially affected all of the following must apply: \n\n- Next.js between 13.5.1 and 14.2.9\n- Using pages router\n- Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`\n\nThe below configurations are unaffected:\n\n- Deployments using only app router\n- Deployments on [Vercel](https://vercel.com/) are not affected\n\n\n### Patches\n\nThis vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not.\n\n### Workarounds\n\nThere are no official or recommended workarounds for this issue, we recommend that users patch to a safe version.\n\n#### Credits\n\n- Allam Rachid (zhero_)\n- Henry Chen",
+  "summary": "Next.js Cache Poisoning",
   "published_at": "2024-09-17T21:58:09Z",
   "updated_at": "2026-02-04T03:45:33.402195Z",
   "severity": "low",
-  "cvss_score": 3.1,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
@@ -29,9 +29,7 @@
   "ghsa_ids": [
     "GHSA-gp8f-8m3g-qvj9"
   ],
-  "osv_ids": [
-    "GHSA-gp8f-8m3g-qvj9"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "introduced=13.5.1, fixed<13.5.7",
     "introduced=14.0.0, fixed<14.2.10"
@@ -53,23 +51,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "nextjs-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2024-47831.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "Denial of Service condition in Next.js image optimization",
-  "summary": "### Impact\nThe image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption.\n\n**Not affected:**\n- The `next.config.js` file is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value.\n- The Next.js application is hosted on Vercel. \n\n### Patches\nThis issue was fully patched in Next.js `14.2.7`. We recommend that users upgrade to at least this version.\n\n### Workarounds\nEnsure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.\n\n#### Credits\nBrandon Dahler (brandondahler), AWS\nDimitrios Vlastaras",
+  "summary": "Denial of Service condition in Next.js image optimization",
   "published_at": "2024-10-14T19:45:21Z",
   "updated_at": "2026-02-04T03:25:43.295558Z",
   "severity": "low",
-  "cvss_score": 3.1,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m",
@@ -28,9 +28,7 @@
   "ghsa_ids": [
     "GHSA-g77x-44xx-532m"
   ],
-  "osv_ids": [
-    "GHSA-g77x-44xx-532m"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "introduced=10.0.0, fixed<14.2.7"
   ],
@@ -50,23 +48,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "nextjs-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json

@@ -0,0 +1,73 @@
+{
+  "canonical_id": "nextjs--CVE-2024-51479",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next.js authorization bypass vulnerability",
+  "summary": "Next.js authorization bypass vulnerability",
+  "published_at": "2024-12-17T15:09:06Z",
+  "updated_at": "2025-09-10T21:12:24Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
+    "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
+    "https://github.com/vercel/next.js",
+    "https://github.com/vercel/next.js/releases/tag/v14.2.15"
+  ],
+  "aliases": [
+    "CVE-2024-51479",
+    "GHSA-7gfc-8cq8-jh5f"
+  ],
+  "cve_ids": [
+    "CVE-2024-51479"
+  ],
+  "ghsa_ids": [
+    "GHSA-7gfc-8cq8-jh5f"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=9.5.5, fixed<14.2.15"
+  ],
+  "fixed_versions": [
+    "14.2.15"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:29:17+00:00",
+  "last_run_id": "nextjs-nextjs--CVE-2024-51479-20260318012913",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913",
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--CVE-2024-56332.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "Next.js Allows a Denial of Service (DoS) with Server Actions",
-  "summary": "### Impact\nA Denial of Service (DoS) attack allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution.\n\n_Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time._\n\nDeployments without any protection against long running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing.\n\nThis is the same issue as if the incoming HTTP request has an invalid `Content-Length` header or never closes. If the host has no other mitigations to those then this vulnerability is novel.\n\nThis vulnerability affects only Next.js deployments using Server Actions.\n\n### Patches\n\nThis vulnerability was resolved in Next.js 14.2.21, 15.1.2, and 13.5.8. We recommend that users upgrade to a safe version.\n\n### Workarounds\n\nThere are no official workarounds for this vulnerability.\n\n### Credits\n\nThanks to the PackDraw team for responsibly disclosing this vulnerability.",
+  "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
   "published_at": "2025-01-03T20:19:29Z",
   "updated_at": "2026-02-04T04:36:04.252972Z",
   "severity": "low",
-  "cvss_score": 3.1,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
@@ -27,9 +27,7 @@
   "ghsa_ids": [
     "GHSA-7m27-7ghc-44w9"
   ],
-  "osv_ids": [
-    "GHSA-7m27-7ghc-44w9"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "introduced=13.0.0, fixed<13.5.8",
     "introduced=14.0.0, fixed<14.2.21",
@@ -53,23 +51,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "nextjs-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json

@@ -0,0 +1,75 @@
+{
+  "canonical_id": "nextjs--CVE-2025-29927",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Authorization Bypass in Next.js Middleware",
+  "summary": "Authorization Bypass in Next.js Middleware",
+  "published_at": "2025-03-21T15:20:12Z",
+  "updated_at": "2026-03-04T15:06:29.993197Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-29927",
+    "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
+    "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
+    "https://github.com/vercel/next.js",
+    "https://github.com/vercel/next.js/releases/tag/v12.3.5",
+    "https://github.com/vercel/next.js/releases/tag/v13.5.9",
+    "https://security.netapp.com/advisory/ntap-20250328-0002",
+    "https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware",
+    "http://www.openwall.com/lists/oss-security/2025/03/23/3",
+    "http://www.openwall.com/lists/oss-security/2025/03/23/4"
+  ],
+  "aliases": [
+    "CVE-2025-29927",
+    "GHSA-f82v-jwr5-mffw"
+  ],
+  "cve_ids": [
+    "CVE-2025-29927"
+  ],
+  "ghsa_ids": [
+    "GHSA-f82v-jwr5-mffw"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=13.0.0, fixed<13.5.9",
+    "introduced=14.0.0, fixed<14.2.25",
+    "introduced=15.0.0, fixed<15.2.3",
+    "introduced=12.0.0, fixed<12.3.5"
+  ],
+  "fixed_versions": [
+    "13.5.9",
+    "14.2.25",
+    "15.2.3",
+    "12.3.5"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-17T06:30:47+00:00",
+  "last_run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047",
+  "browser_evidence": null,
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "official-source",
+  "blocked_reason": "dry-run only",
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--CVE-2025-30218.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "Next.js may leak x-middleware-subrequest-id to external hosts",
-  "summary": "## Summary\nIn the process of remediating [CVE-2025-29927](https://github.com/advisories/GHSA-f82v-jwr5-mffw), we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers.\n\nLearn more [here](https://vercel.com/changelog/cve-2025-30218-5DREmEH765PoeAsrNNQj3O).\n\n## Credit\n\nThank you to Jinseo Kim [kjsman](https://hackerone.com/kjsman?type=user) and\u00a0[RyotaK](https://hackerone.com/ryotak?type=user) (GMO Flatt Security Inc.) with [takumi-san.ai](https://takumi-san.ai)\u00a0for the responsible disclosure. These researchers were awarded as part of our bug bounty program.",
+  "summary": "Next.js may leak x-middleware-subrequest-id to external hosts",
   "published_at": "2025-04-02T22:35:37Z",
   "updated_at": "2025-10-13T15:35:50Z",
   "severity": "medium",
-  "cvss_score": 4.0,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-223j-4rm8-mrmf",
@@ -28,9 +28,7 @@
   "ghsa_ids": [
     "GHSA-223j-4rm8-mrmf"
   ],
-  "osv_ids": [
-    "GHSA-223j-4rm8-mrmf"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "12.3.5",
     "13.5.9",
@@ -60,23 +58,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "nextjs-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2025-32421.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "Next.js Race Condition to Cache Poisoning",
-  "summary": "**Summary**  \nWe received a responsible disclosure from Allam Rachid (zhero) for a low-severity race-condition vulnerability in Next.js. This issue only affects the **Pages Router** under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML.\n\n[Learn more here](https://vercel.com/changelog/cve-2025-32421)\n\n**Credit**  \nThank you to **Allam Rachid (zhero)** for the responsible disclosure. This research was rewarded as part of our bug bounty program.",
+  "summary": "Next.js Race Condition to Cache Poisoning",
   "published_at": "2025-05-15T14:12:26Z",
   "updated_at": "2025-09-26T17:48:29Z",
   "severity": "low",
-  "cvss_score": 3.1,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4",
@@ -28,9 +28,7 @@
   "ghsa_ids": [
     "GHSA-qpjv-v59x-3qc4"
   ],
-  "osv_ids": [
-    "GHSA-qpjv-v59x-3qc4"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "introduced=0.9.9, fixed<14.2.24",
     "introduced=15.0.0, fixed<15.1.6"
@@ -52,23 +50,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "nextjs-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2025-48068.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "Information exposure in Next.js dev server due to lack of origin verification",
-  "summary": "## Summary\n\nA low-severity vulnerability in **Next.js** has been fixed in **version 15.2.2**. This issue may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while `npm run dev` is active.\n\nBecause the mitigation is potentially a breaking change for some development setups, to opt-in to the fix, you must configure `allowedDevOrigins` in your next config after upgrading to a patched version. [Learn more](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins).\n\nLearn more: https://vercel.com/changelog/cve-2025-48068\n\n## Credit\n\nThanks to [sapphi-red](https://github.com/sapphi-red) and [Radman Siddiki](https://github.com/R4356th) for responsibly disclosing this issue.",
+  "summary": "Information exposure in Next.js dev server due to lack of origin verification",
   "published_at": "2025-05-28T21:52:13Z",
   "updated_at": "2025-06-13T14:41:21Z",
   "severity": "medium",
-  "cvss_score": 4.0,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r",
@@ -28,9 +28,7 @@
   "ghsa_ids": [
     "GHSA-3h52-269p-cp9r"
   ],
-  "osv_ids": [
-    "GHSA-3h52-269p-cp9r"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "introduced=15.0.0, fixed<15.2.2",
     "introduced=13.0, fixed<14.2.30"
@@ -52,23 +50,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "nextjs-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2025-49005.json

@@ -5,11 +5,11 @@
   "category": "frameworks",
   "advisory_mode": "core",
   "title": "Next.js has a Cache poisoning vulnerability due to omission of the Vary header",
-  "summary": "### Summary\n\nA cache poisoning issue in **Next.js App Router >=15.3.0 and < 15.3.3** may have allowed RSC payloads to be cached and served in place of HTML, under specific conditions involving middleware and redirects. This issue has been fixed in **Next.js 15.3.3**.\n\nUsers on affected versions should **upgrade immediately** and **redeploy** to ensure proper caching behavior.\n\nMore details: [CVE-2025-49005](https://vercel.com/changelog/cve-2025-49005)",
+  "summary": "Next.js has a Cache poisoning vulnerability due to omission of the Vary header",
   "published_at": "2025-07-03T20:30:18Z",
   "updated_at": "2026-02-04T02:37:18.974477Z",
   "severity": "low",
-  "cvss_score": 3.1,
+  "cvss_score": null,
   "exploit_status": "unknown",
   "source_confidence": "official",
   "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-r2fc-ccr8-96c4",
@@ -32,9 +32,7 @@
   "ghsa_ids": [
     "GHSA-r2fc-ccr8-96c4"
   ],
-  "osv_ids": [
-    "GHSA-r2fc-ccr8-96c4"
-  ],
+  "osv_ids": [],
   "affected_versions": [
     "introduced=15.3.0, fixed<15.3.3"
   ],
@@ -54,23 +52,19 @@
   "verification_status": "triage-manual",
   "verification_mode": "synthetic",
   "last_verified_at": null,
-  "last_run_id": null,
+  "last_run_id": "",
   "evidence_bundle": null,
   "browser_evidence": {
     "required": false,
     "present": false,
     "refs": []
   },
-  "repro_profile_id": "proxy-boundary-generic",
+  "repro_profile_id": "nextjs-authz-bypass",
   "artifact_mode": "synthetic",
   "blocked_reason": null,
   "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
+    "source_names": [],
+    "source_kinds": [],
     "candidate_count": 1
   }
 }

08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json

@@ -0,0 +1,69 @@
+{
+  "canonical_id": "nextjs--CVE-2025-49826",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next.JS vulnerability can lead to DoS via cache poisoning ",
+  "summary": "Next.JS vulnerability can lead to DoS via cache poisoning ",
+  "published_at": "2025-07-03T21:14:48Z",
+  "updated_at": "2025-07-03T21:49:52Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-49826",
+    "https://github.com/vercel/next.js/commit/16bfce64ef2157f2c1dfedcfdb7771bc63103fd2",
+    "https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93",
+    "https://github.com/vercel/next.js",
+    "https://github.com/vercel/next.js/releases/tag/v15.1.8",
+    "https://vercel.com/changelog/cve-2025-49826"
+  ],
+  "aliases": [
+    "CVE-2025-49826",
+    "GHSA-67rr-84xm-4c7r"
+  ],
+  "cve_ids": [
+    "CVE-2025-49826"
+  ],
+  "ghsa_ids": [
+    "GHSA-67rr-84xm-4c7r"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=15.0.4-canary.51, fixed<15.1.8"
+  ],
+  "fixed_versions": [
+    "15.1.8"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json

@@ -0,0 +1,70 @@
+{
+  "canonical_id": "nextjs--CVE-2025-55173",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next.js Content Injection Vulnerability for Image Optimization",
+  "summary": "Next.js Content Injection Vulnerability for Image Optimization",
+  "published_at": "2025-08-29T21:59:55Z",
+  "updated_at": "2026-02-04T04:35:34.538107Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-55173",
+    "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
+    "https://github.com/vercel/next.js",
+    "https://vercel.com/changelog/cve-2025-55173",
+    "http://vercel.com/changelog/cve-2025-55173"
+  ],
+  "aliases": [
+    "CVE-2025-55173",
+    "GHSA-xv57-4mr9-wg8v"
+  ],
+  "cve_ids": [
+    "CVE-2025-55173"
+  ],
+  "ghsa_ids": [
+    "GHSA-xv57-4mr9-wg8v"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0.9.9, fixed<14.2.31",
+    "introduced=15.0.0, fixed<15.4.5"
+  ],
+  "fixed_versions": [
+    "14.2.31",
+    "15.4.5"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json

@@ -0,0 +1,70 @@
+{
+  "canonical_id": "nextjs--CVE-2025-57752",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes",
+  "summary": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes",
+  "published_at": "2025-08-29T22:06:22Z",
+  "updated_at": "2026-02-04T02:50:08.291668Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-57752",
+    "https://github.com/vercel/next.js/pull/82114",
+    "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
+    "https://github.com/vercel/next.js",
+    "https://vercel.com/changelog/cve-2025-57752"
+  ],
+  "aliases": [
+    "CVE-2025-57752",
+    "GHSA-g5qg-72qw-gw5v"
+  ],
+  "cve_ids": [
+    "CVE-2025-57752"
+  ],
+  "ghsa_ids": [
+    "GHSA-g5qg-72qw-gw5v"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0.9.9, fixed<14.2.31",
+    "introduced=15.0.0, fixed<15.4.5"
+  ],
+  "fixed_versions": [
+    "14.2.31",
+    "15.4.5"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json

@@ -0,0 +1,70 @@
+{
+  "canonical_id": "nextjs--CVE-2025-57822",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next.js Improper Middleware Redirect Handling Leads to SSRF",
+  "summary": "Next.js Improper Middleware Redirect Handling Leads to SSRF",
+  "published_at": "2025-08-29T21:33:09Z",
+  "updated_at": "2026-02-04T04:20:45.658010Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-57822",
+    "https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8",
+    "https://github.com/vercel/next.js",
+    "https://vercel.com/changelog/cve-2025-57822"
+  ],
+  "aliases": [
+    "CVE-2025-57822",
+    "GHSA-4342-x723-ch2f"
+  ],
+  "cve_ids": [
+    "CVE-2025-57822"
+  ],
+  "ghsa_ids": [
+    "GHSA-4342-x723-ch2f"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0.9.9, fixed<14.2.32",
+    "introduced=15.0.0-canary.0, fixed<15.4.7"
+  ],
+  "fixed_versions": [
+    "14.2.32",
+    "15.4.7"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage",
+    "ssrf-url-validation"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json

@@ -0,0 +1,71 @@
+{
+  "canonical_id": "nextjs--CVE-2025-59471",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
+  "summary": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
+  "published_at": "2026-01-27T19:18:25Z",
+  "updated_at": "2026-02-10T01:28:46.973023Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-59471",
+    "https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c",
+    "https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec",
+    "https://github.com/vercel/next.js",
+    "https://github.com/vercel/next.js/releases/tag/v15.5.10",
+    "https://github.com/vercel/next.js/releases/tag/v16.1.5"
+  ],
+  "aliases": [
+    "CVE-2025-59471",
+    "GHSA-9g9p-9gw9-jx7f"
+  ],
+  "cve_ids": [
+    "CVE-2025-59471"
+  ],
+  "ghsa_ids": [
+    "GHSA-9g9p-9gw9-jx7f"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=10.0.0, fixed<15.5.10",
+    "introduced=15.6.0-canary.0, fixed<16.1.5"
+  ],
+  "fixed_versions": [
+    "15.5.10",
+    "16.1.5"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json

@@ -0,0 +1,68 @@
+{
+  "canonical_id": "nextjs--CVE-2025-59472",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ",
+  "summary": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ",
+  "published_at": "2026-01-28T15:20:55Z",
+  "updated_at": "2026-02-06T13:13:43.709252Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q-jpqc-wp7h",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-59472",
+    "https://github.com/vercel/next.js",
+    "https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472"
+  ],
+  "aliases": [
+    "CVE-2025-59472",
+    "GHSA-5f7q-jpqc-wp7h"
+  ],
+  "cve_ids": [
+    "CVE-2025-59472"
+  ],
+  "ghsa_ids": [
+    "GHSA-5f7q-jpqc-wp7h"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=15.0.0-canary.0, fixed<15.6.0-canary.61",
+    "introduced=16.0.0-beta.0, fixed<16.1.5"
+  ],
+  "fixed_versions": [
+    "15.6.0-canary.61",
+    "16.1.5"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json

@@ -0,0 +1,84 @@
+{
+  "canonical_id": "nextjs--GHSA-5j59-xgg2-r9c4",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
+  "summary": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
+  "published_at": "2025-12-12T17:21:57Z",
+  "updated_at": "2026-02-04T02:46:38.768104Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-67779",
+    "https://github.com/vercel/next.js",
+    "https://nextjs.org/blog/security-update-2025-12-11",
+    "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components",
+    "https://www.cve.org/CVERecord?id=CVE-2025-55184",
+    "https://www.facebook.com/security/advisories/cve-2025-67779"
+  ],
+  "aliases": [
+    "GHSA-5j59-xgg2-r9c4"
+  ],
+  "cve_ids": [],
+  "ghsa_ids": [
+    "GHSA-5j59-xgg2-r9c4"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=13.3.1-canary.0, fixed<14.2.35",
+    "introduced=15.0.6, fixed<15.0.7",
+    "introduced=15.1.10, fixed<15.1.11",
+    "introduced=15.2.7, fixed<15.2.8",
+    "introduced=15.3.7, fixed<15.3.8",
+    "introduced=15.4.9, fixed<15.4.10",
+    "introduced=15.5.8, fixed<15.5.9",
+    "introduced=15.6.0-canary.59, fixed<15.6.0-canary.60",
+    "introduced=16.0.9, fixed<16.0.10",
+    "introduced=16.1.0-canary.17, fixed<16.1.0-canary.19"
+  ],
+  "fixed_versions": [
+    "14.2.35",
+    "15.0.7",
+    "15.1.11",
+    "15.2.8",
+    "15.3.8",
+    "15.4.10",
+    "15.5.9",
+    "15.6.0-canary.60",
+    "16.0.10",
+    "16.1.0-canary.19"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json

@@ -0,0 +1,77 @@
+{
+  "canonical_id": "nextjs--GHSA-9qr9-h5gf-34mp",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next.js is vulnerable to RCE in React flight protocol",
+  "summary": "Next.js is vulnerable to RCE in React flight protocol",
+  "published_at": "2025-12-03T19:07:11Z",
+  "updated_at": "2026-02-04T03:45:15.823345Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r",
+  "secondary_source_urls": [
+    "https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp",
+    "https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp",
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-55182",
+    "https://github.com/vercel/next.js"
+  ],
+  "aliases": [
+    "GHSA-9qr9-h5gf-34mp"
+  ],
+  "cve_ids": [],
+  "ghsa_ids": [
+    "GHSA-9qr9-h5gf-34mp"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=14.3.0-canary.77, fixed<15.0.5",
+    "introduced=15.1.0-canary.0, fixed<15.1.9",
+    "introduced=15.2.0-canary.0, fixed<15.2.6",
+    "introduced=15.3.0-canary.0, fixed<15.3.6",
+    "introduced=15.4.0-canary.0, fixed<15.4.8",
+    "introduced=15.5.0-canary.0, fixed<15.5.7",
+    "introduced=16.0.0-canary.0, fixed<16.0.7"
+  ],
+  "fixed_versions": [
+    "15.0.5",
+    "15.1.9",
+    "15.2.6",
+    "15.3.6",
+    "15.4.8",
+    "15.5.7",
+    "16.0.7"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage",
+    "dependency-upgrade-policy"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json

@@ -0,0 +1,88 @@
+{
+  "canonical_id": "nextjs--GHSA-h25m-26qc-wcjf",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
+  "summary": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
+  "published_at": "2026-01-28T15:38:01Z",
+  "updated_at": "2026-02-13T00:43:52.836085Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg",
+  "secondary_source_urls": [
+    "https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf",
+    "https://nvd.nist.gov/vuln/detail/CVE-2026-23864",
+    "https://github.com/vercel/next.js",
+    "https://vercel.com/changelog/summary-of-cve-2026-23864"
+  ],
+  "aliases": [
+    "GHSA-h25m-26qc-wcjf"
+  ],
+  "cve_ids": [],
+  "ghsa_ids": [
+    "GHSA-h25m-26qc-wcjf"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=13.0.0, fixed<15.0.8",
+    "introduced=15.1.1-canary.0, fixed<15.1.12",
+    "introduced=15.2.0-canary.0, fixed<15.2.9",
+    "introduced=15.3.0-canary.0, fixed<15.3.9",
+    "introduced=15.4.0-canary.0, fixed<15.4.11",
+    "introduced=15.5.1-canary.0, fixed<15.5.10",
+    "introduced=15.6.0-canary.0, fixed<15.6.0-canary.61",
+    "introduced=16.0.0-beta.0, fixed<16.0.11",
+    "introduced=16.1.0-canary.0, fixed<16.1.5"
+  ],
+  "fixed_versions": [
+    "15.0.8",
+    "15.1.12",
+    "15.2.9",
+    "15.3.9",
+    "15.4.11",
+    "15.5.10",
+    "15.6.0-canary.61",
+    "16.0.11",
+    "16.1.5"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage",
+    "dependency-upgrade-policy",
+    "deserialization-safety"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:31:16+00:00",
+  "last_run_id": "nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318013112",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318013112",
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json

@@ -0,0 +1,82 @@
+{
+  "canonical_id": "nextjs--GHSA-mwv6-3258-q52c",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next Vulnerable to Denial of Service with Server Components",
+  "summary": "Next Vulnerable to Denial of Service with Server Components",
+  "published_at": "2025-12-11T22:49:27Z",
+  "updated_at": "2026-02-04T03:55:54.855562Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c",
+  "secondary_source_urls": [
+    "https://github.com/vercel/next.js",
+    "https://nextjs.org/blog/security-update-2025-12-11",
+    "https://www.cve.org/CVERecord?id=CVE-2025-55184"
+  ],
+  "aliases": [
+    "GHSA-mwv6-3258-q52c"
+  ],
+  "cve_ids": [],
+  "ghsa_ids": [
+    "GHSA-mwv6-3258-q52c"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=13.3.0, fixed<14.2.34",
+    "introduced=15.0.0-canary.0, fixed<15.0.6",
+    "introduced=15.1.1-canary.0, fixed<15.1.10",
+    "introduced=15.2.0-canary.0, fixed<15.2.7",
+    "introduced=15.3.0-canary.0, fixed<15.3.7",
+    "introduced=15.4.0-canary.0, fixed<15.4.9",
+    "introduced=15.5.1-canary.0, fixed<15.5.8",
+    "introduced=15.6.0-canary.0, fixed<15.6.0-canary.59",
+    "introduced=16.0.0-beta.0, fixed<16.0.9",
+    "introduced=16.1.0-canary.0, fixed<16.1.0-canary.17"
+  ],
+  "fixed_versions": [
+    "14.2.34",
+    "15.0.6",
+    "15.1.10",
+    "15.2.7",
+    "15.3.7",
+    "15.4.9",
+    "15.5.8",
+    "15.6.0-canary.59",
+    "16.0.9",
+    "16.1.0-canary.17"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage",
+    "dependency-upgrade-policy"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json

@@ -0,0 +1,80 @@
+{
+  "canonical_id": "nextjs--GHSA-w37m-7fhw-fmv9",
+  "system_id": "nextjs",
+  "display_name": "Next.js",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Next Server Actions Source Code Exposure ",
+  "summary": "Next Server Actions Source Code Exposure ",
+  "published_at": "2025-12-11T22:49:56Z",
+  "updated_at": "2026-02-04T02:51:40.627151Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-w37m-7fhw-fmv9",
+  "secondary_source_urls": [
+    "https://github.com/vercel/next.js",
+    "https://nextjs.org/blog/security-update-2025-12-11",
+    "https://www.cve.org/CVERecord?id=CVE-2025-55183"
+  ],
+  "aliases": [
+    "GHSA-w37m-7fhw-fmv9"
+  ],
+  "cve_ids": [],
+  "ghsa_ids": [
+    "GHSA-w37m-7fhw-fmv9"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=15.0.0-canary.0, fixed<15.0.6",
+    "introduced=15.1.1-canary.0, fixed<15.1.10",
+    "introduced=15.2.0-canary.0, fixed<15.2.7",
+    "introduced=15.3.0-canary.0, fixed<15.3.7",
+    "introduced=15.4.0-canary.0, fixed<15.4.9",
+    "introduced=15.5.1-canary.0, fixed<15.5.8",
+    "introduced=15.6.0-canary.0, fixed<15.6.0-canary.59",
+    "introduced=16.0.0-beta.0, fixed<16.0.9",
+    "introduced=16.1.0-canary.0, fixed<16.1.0-canary.17"
+  ],
+  "fixed_versions": [
+    "15.0.6",
+    "15.1.10",
+    "15.2.7",
+    "15.3.7",
+    "15.4.9",
+    "15.5.8",
+    "15.6.0-canary.59",
+    "16.0.9",
+    "16.1.0-canary.17"
+  ],
+  "package_name": "next",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md",
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "proxy-trust-boundary",
+    "token-cookie-storage",
+    "dependency-upgrade-policy"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "nextjs-authz-bypass",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2022-31151.json

@@ -0,0 +1,79 @@
+{
+  "canonical_id": "undici--CVE-2022-31151",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect",
+  "summary": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect",
+  "published_at": "2022-07-21T20:31:05Z",
+  "updated_at": "2026-02-04T03:02:08.652391Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2022-31151",
+    "https://github.com/nodejs/undici/issues/872",
+    "https://github.com/nodejs/undici/pull/1441",
+    "https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d",
+    "https://hackerone.com/reports/1635514",
+    "https://github.com/nodejs/undici",
+    "https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189",
+    "https://github.com/nodejs/undici/releases/tag/v5.8.0",
+    "https://security.netapp.com/advisory/ntap-20220909-0006"
+  ],
+  "aliases": [
+    "CVE-2022-31151",
+    "GHSA-q768-x9m6-m9qp"
+  ],
+  "cve_ids": [
+    "CVE-2022-31151"
+  ],
+  "ghsa_ids": [
+    "GHSA-q768-x9m6-m9qp"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0, fixed<5.8.0"
+  ],
+  "fixed_versions": [
+    "5.8.0"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary",
+    "token-cookie-storage",
+    "dependency-upgrade-policy"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:31:55+00:00",
+  "last_run_id": "undici-undici--CVE-2022-31151-20260318013150",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150",
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2022-32210.json

@@ -0,0 +1,65 @@
+{
+  "canonical_id": "undici--CVE-2022-32210",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "ProxyAgent vulnerable to MITM",
+  "summary": "ProxyAgent vulnerable to MITM",
+  "published_at": "2022-06-17T01:02:29Z",
+  "updated_at": "2026-03-13T22:15:23.541247Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2022-32210",
+    "https://hackerone.com/reports/1583680",
+    "https://github.com/nodejs/undici"
+  ],
+  "aliases": [
+    "CVE-2022-32210",
+    "GHSA-pgw7-wx7w-2w33"
+  ],
+  "cve_ids": [
+    "CVE-2022-32210"
+  ],
+  "ghsa_ids": [
+    "GHSA-pgw7-wx7w-2w33"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=4.8.2, fixed<5.5.1"
+  ],
+  "fixed_versions": [
+    "5.5.1"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2023-45143.json

@@ -0,0 +1,75 @@
+{
+  "canonical_id": "undici--CVE-2023-45143",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
+  "summary": "Undici's cookie header not cleared on cross-origin redirect in fetch",
+  "published_at": "2023-10-16T14:05:37Z",
+  "updated_at": "2026-02-04T02:35:56.289390Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
+  "secondary_source_urls": [
+    "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
+    "https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
+    "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76",
+    "https://hackerone.com/reports/2166948",
+    "https://github.com/nodejs/undici",
+    "https://github.com/nodejs/undici/releases/tag/v5.26.2",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
+  ],
+  "aliases": [
+    "CVE-2023-45143",
+    "GHSA-wqq4-5wpv-mx2g"
+  ],
+  "cve_ids": [
+    "CVE-2023-45143"
+  ],
+  "ghsa_ids": [
+    "GHSA-wqq4-5wpv-mx2g"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0, fixed<5.26.2"
+  ],
+  "fixed_versions": [
+    "5.26.2"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary",
+    "token-cookie-storage"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2024-30260.json

@@ -0,0 +1,73 @@
+{
+  "canonical_id": "undici--CVE-2024-30260",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
+  "summary": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
+  "published_at": "2024-04-04T14:20:39Z",
+  "updated_at": "2025-11-04T19:44:28Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2024-30260",
+    "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f",
+    "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75",
+    "https://hackerone.com/reports/2408074",
+    "https://github.com/nodejs/undici",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
+    "https://security.netapp.com/advisory/ntap-20240905-0008"
+  ],
+  "aliases": [
+    "CVE-2024-30260",
+    "GHSA-m4v8-wqvr-p9f7"
+  ],
+  "cve_ids": [
+    "CVE-2024-30260"
+  ],
+  "ghsa_ids": [
+    "GHSA-m4v8-wqvr-p9f7"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0, fixed<5.28.4",
+    "introduced=6.0.0, fixed<6.11.1"
+  ],
+  "fixed_versions": [
+    "5.28.4",
+    "6.11.1"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2024-30261.json

@@ -0,0 +1,73 @@
+{
+  "canonical_id": "undici--CVE-2024-30261",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
+  "summary": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
+  "published_at": "2024-04-04T14:20:54Z",
+  "updated_at": "2025-11-04T19:44:42Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
+    "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055",
+    "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3",
+    "https://hackerone.com/reports/2377760",
+    "https://github.com/nodejs/undici",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
+    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
+    "https://security.netapp.com/advisory/ntap-20240905-0008"
+  ],
+  "aliases": [
+    "CVE-2024-30261",
+    "GHSA-9qxr-qj54-h672"
+  ],
+  "cve_ids": [
+    "CVE-2024-30261"
+  ],
+  "ghsa_ids": [
+    "GHSA-9qxr-qj54-h672"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0, fixed<5.28.4",
+    "introduced=6.0.0, fixed<6.11.1"
+  ],
+  "fixed_versions": [
+    "5.28.4",
+    "6.11.1"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2025-22150.json

@@ -0,0 +1,74 @@
+{
+  "canonical_id": "undici--CVE-2025-22150",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Use of Insufficiently Random Values in undici",
+  "summary": "Use of Insufficiently Random Values in undici",
+  "published_at": "2025-01-21T21:10:47Z",
+  "updated_at": "2026-02-04T02:29:26.373390Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
+    "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
+    "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
+    "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
+    "https://hackerone.com/reports/2913312",
+    "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
+    "https://github.com/nodejs/undici",
+    "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
+  ],
+  "aliases": [
+    "CVE-2025-22150",
+    "GHSA-c76h-2ccp-4975"
+  ],
+  "cve_ids": [
+    "CVE-2025-22150"
+  ],
+  "ghsa_ids": [
+    "GHSA-c76h-2ccp-4975"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=4.5.0, fixed<5.28.5",
+    "introduced=6.0.0, fixed<6.21.1",
+    "introduced=7.0.0, fixed<7.2.3"
+  ],
+  "fixed_versions": [
+    "5.28.5",
+    "6.21.1",
+    "7.2.3"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2025-47279.json

@@ -0,0 +1,71 @@
+{
+  "canonical_id": "undici--CVE-2025-47279",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "undici Denial of Service attack via bad certificate data",
+  "summary": "undici Denial of Service attack via bad certificate data",
+  "published_at": "2025-05-15T14:15:06Z",
+  "updated_at": "2026-02-06T22:08:08.311705Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-47279",
+    "https://github.com/nodejs/undici/issues/3895",
+    "https://github.com/nodejs/undici/pull/4088",
+    "https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25",
+    "https://github.com/nodejs/undici"
+  ],
+  "aliases": [
+    "CVE-2025-47279",
+    "GHSA-cxrh-j4jr-qwg3"
+  ],
+  "cve_ids": [
+    "CVE-2025-47279"
+  ],
+  "ghsa_ids": [
+    "GHSA-cxrh-j4jr-qwg3"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0, fixed<5.29.0",
+    "introduced=6.0.0, fixed<6.21.2",
+    "introduced=7.0.0, fixed<7.5.0"
+  ],
+  "fixed_versions": [
+    "5.29.0",
+    "6.21.2",
+    "7.5.0"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2026-1525.json

@@ -0,0 +1,71 @@
+{
+  "canonical_id": "undici--CVE-2026-1525",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Undici has an HTTP Request/Response Smuggling issue",
+  "summary": "Undici has an HTTP Request/Response Smuggling issue",
+  "published_at": "2026-03-13T20:07:03Z",
+  "updated_at": "2026-03-14T09:19:54.772219Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
+    "https://hackerone.com/reports/3556037",
+    "https://cna.openjsf.org/security-advisories.html",
+    "https://cwe.mitre.org/data/definitions/444.html",
+    "https://github.com/nodejs/undici",
+    "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
+  ],
+  "aliases": [
+    "CVE-2026-1525",
+    "GHSA-2mjp-6q6p-2qxm"
+  ],
+  "cve_ids": [
+    "CVE-2026-1525"
+  ],
+  "ghsa_ids": [
+    "GHSA-2mjp-6q6p-2qxm"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0, fixed<6.24.0",
+    "introduced=7.0.0, fixed<7.24.0"
+  ],
+  "fixed_versions": [
+    "6.24.0",
+    "7.24.0"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary",
+    "request-smuggling-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2026-1526.json

@@ -0,0 +1,71 @@
+{
+  "canonical_id": "undici--CVE-2026-1526",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
+  "summary": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
+  "published_at": "2026-03-13T20:41:56Z",
+  "updated_at": "2026-03-13T20:54:25.563997Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
+    "https://hackerone.com/reports/3481206",
+    "https://cna.openjsf.org/security-advisories.html",
+    "https://datatracker.ietf.org/doc/html/rfc7692",
+    "https://github.com/nodejs/undici",
+    "https://owasp.org/www-community/attacks/Denial_of_Service"
+  ],
+  "aliases": [
+    "CVE-2026-1526",
+    "GHSA-vrm6-8vpv-qv8q"
+  ],
+  "cve_ids": [
+    "CVE-2026-1526"
+  ],
+  "ghsa_ids": [
+    "GHSA-vrm6-8vpv-qv8q"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0, fixed<6.24.0",
+    "introduced=7.0.0, fixed<7.24.0"
+  ],
+  "fixed_versions": [
+    "6.24.0",
+    "7.24.0"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary",
+    "plugin-extension-trust-policy"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2026-1527.json

@@ -0,0 +1,68 @@
+{
+  "canonical_id": "undici--CVE-2026-1527",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Undici has CRLF Injection in undici via `upgrade` option",
+  "summary": "Undici has CRLF Injection in undici via `upgrade` option",
+  "published_at": "2026-03-13T20:41:26Z",
+  "updated_at": "2026-03-13T20:54:25.572106Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
+    "https://hackerone.com/reports/3487198",
+    "https://cna.openjsf.org/security-advisories.html",
+    "https://github.com/nodejs/undici"
+  ],
+  "aliases": [
+    "CVE-2026-1527",
+    "GHSA-4992-7rv2-5pvq"
+  ],
+  "cve_ids": [
+    "CVE-2026-1527"
+  ],
+  "ghsa_ids": [
+    "GHSA-4992-7rv2-5pvq"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0, fixed<6.24.0",
+    "introduced=7.0.0, fixed<7.24.0"
+  ],
+  "fixed_versions": [
+    "6.24.0",
+    "7.24.0"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2026-1528.json

@@ -0,0 +1,68 @@
+{
+  "canonical_id": "undici--CVE-2026-1528",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
+  "summary": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
+  "published_at": "2026-03-13T20:07:26Z",
+  "updated_at": "2026-03-14T09:17:45.838435Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
+    "https://hackerone.com/reports/3537648",
+    "https://cna.openjsf.org/security-advisories.html",
+    "https://github.com/nodejs/undici"
+  ],
+  "aliases": [
+    "CVE-2026-1528",
+    "GHSA-f269-vfmq-vjvj"
+  ],
+  "cve_ids": [
+    "CVE-2026-1528"
+  ],
+  "ghsa_ids": [
+    "GHSA-f269-vfmq-vjvj"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=6.0.0, fixed<6.24.0",
+    "introduced=7.0.0, fixed<7.24.0"
+  ],
+  "fixed_versions": [
+    "6.24.0",
+    "7.24.0"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2026-22036.json

@@ -0,0 +1,67 @@
+{
+  "canonical_id": "undici--CVE-2026-22036",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
+  "summary": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
+  "published_at": "2026-01-14T21:06:08Z",
+  "updated_at": "2026-02-04T02:56:17.456091Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2026-22036",
+    "https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3",
+    "https://github.com/nodejs/undici"
+  ],
+  "aliases": [
+    "CVE-2026-22036",
+    "GHSA-g9mf-h72j-4rw9"
+  ],
+  "cve_ids": [
+    "CVE-2026-22036"
+  ],
+  "ghsa_ids": [
+    "GHSA-g9mf-h72j-4rw9"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=7.0.0, fixed<7.18.2",
+    "introduced=0, fixed<6.23.0"
+  ],
+  "fixed_versions": [
+    "7.18.2",
+    "6.23.0"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2026-2229.json

@@ -0,0 +1,71 @@
+{
+  "canonical_id": "undici--CVE-2026-2229",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
+  "summary": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
+  "published_at": "2026-03-13T20:41:41Z",
+  "updated_at": "2026-03-13T20:54:26.149214Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
+    "https://hackerone.com/reports/3487486",
+    "https://cna.openjsf.org/security-advisories.html",
+    "https://datatracker.ietf.org/doc/html/rfc7692",
+    "https://github.com/nodejs/undici",
+    "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
+  ],
+  "aliases": [
+    "CVE-2026-2229",
+    "GHSA-v9p9-hfj2-hcw8"
+  ],
+  "cve_ids": [
+    "CVE-2026-2229"
+  ],
+  "ghsa_ids": [
+    "GHSA-v9p9-hfj2-hcw8"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=0, fixed<6.24.0",
+    "introduced=7.0.0, fixed<7.24.0"
+  ],
+  "fixed_versions": [
+    "6.24.0",
+    "7.24.0"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary",
+    "plugin-extension-trust-policy"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/undici--CVE-2026-2581.json

@@ -0,0 +1,66 @@
+{
+  "canonical_id": "undici--CVE-2026-2581",
+  "system_id": "undici",
+  "display_name": "Undici",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
+  "summary": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
+  "published_at": "2026-03-13T20:37:58Z",
+  "updated_at": "2026-03-13T20:54:25.417862Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
+    "https://hackerone.com/reports/3513473",
+    "https://cna.openjsf.org/security-advisories.html",
+    "https://github.com/nodejs/undici"
+  ],
+  "aliases": [
+    "CVE-2026-2581",
+    "GHSA-phc3-fgpg-7m6h"
+  ],
+  "cve_ids": [
+    "CVE-2026-2581"
+  ],
+  "ghsa_ids": [
+    "GHSA-phc3-fgpg-7m6h"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=7.17.0, fixed<7.24.0"
+  ],
+  "fixed_versions": [
+    "7.24.0"
+  ],
+  "package_name": "undici",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md",
+  "secure_code_topics": [
+    "ssrf-url-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "undici-ssrf",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2024-23331.json

@@ -0,0 +1,106 @@
+{
+  "canonical_id": "vite--CVE-2024-23331",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem",
+  "summary": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem",
+  "published_at": "2024-01-19T21:58:47Z",
+  "updated_at": "2026-02-04T04:17:01.410592Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2023-34092",
+    "https://nvd.nist.gov/vuln/detail/CVE-2024-23331",
+    "https://github.com/vitejs/vite/commit/0cd769c279724cf27934b1270fbdd45d68217691",
+    "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5",
+    "https://github.com/vitejs/vite/commit/a26c87d20f9af306b5ce3ff1648be7fa5146c278",
+    "https://github.com/vitejs/vite/commit/eeec23bbc9d476c54a3a6d36e78455867185a7cb",
+    "https://github.com/vitejs/vite",
+    "https://vitejs.dev/config/server-options.html#server-fs-deny"
+  ],
+  "aliases": [
+    "CVE-2024-23331",
+    "GHSA-c24v-8rfc-w8vw"
+  ],
+  "cve_ids": [
+    "CVE-2024-23331"
+  ],
+  "ghsa_ids": [
+    "GHSA-c24v-8rfc-w8vw"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=2.7.0, fixed<2.9.17",
+    "introduced=3.0.0, fixed<3.2.8",
+    "introduced=4.0.0, fixed<4.5.2",
+    "introduced=5.0.0, fixed<5.0.12"
+  ],
+  "fixed_versions": [
+    "2.9.17",
+    "3.2.8",
+    "4.5.2",
+    "5.0.12"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:32:34+00:00",
+  "last_run_id": "vite-vite--CVE-2024-23331-20260318013228",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228",
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-page.json"
+    ],
+    "baseline_title": "Vite Proxy Boundary Fixture",
+    "proof_title": "Vite Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2024-45811.json

@@ -0,0 +1,80 @@
+{
+  "canonical_id": "vite--CVE-2024-45811",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
+  "summary": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
+  "published_at": "2024-09-17T18:44:12Z",
+  "updated_at": "2026-02-04T04:05:31.919291Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2024-45811",
+    "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249",
+    "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34",
+    "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd",
+    "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6",
+    "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7",
+    "https://github.com/vitejs/vite"
+  ],
+  "aliases": [
+    "CVE-2024-45811",
+    "GHSA-9cwx-2883-4wfx"
+  ],
+  "cve_ids": [
+    "CVE-2024-45811"
+  ],
+  "ghsa_ids": [
+    "GHSA-9cwx-2883-4wfx"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=5.4.0, fixed<5.4.6",
+    "introduced=5.3.0, fixed<5.3.6",
+    "introduced=5.2.0, fixed<5.2.14",
+    "introduced=4.0.0, fixed<4.5.4",
+    "introduced=0, fixed<3.2.11",
+    "introduced=5.0.0, fixed<5.1.8"
+  ],
+  "fixed_versions": [
+    "5.4.6",
+    "5.3.6",
+    "5.2.14",
+    "4.5.4",
+    "3.2.11",
+    "5.1.8"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2024-45812.json

@@ -0,0 +1,115 @@
+{
+  "canonical_id": "vite--CVE-2024-45812",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS",
+  "summary": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS",
+  "published_at": "2024-09-17T19:28:01Z",
+  "updated_at": "2026-02-04T04:04:22.977459Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3",
+  "secondary_source_urls": [
+    "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
+    "https://nvd.nist.gov/vuln/detail/CVE-2024-45812",
+    "https://github.com/vitejs/vite/commit/179b17773cf35c73ddb041f9e6c703fd9f3126af",
+    "https://github.com/vitejs/vite/commit/2691bb3ff6b073b41fb9046909e1e03a74e36675",
+    "https://github.com/vitejs/vite/commit/2ddd8541ec3b2d2e5b698749e0f2362ef28056bd",
+    "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad",
+    "https://github.com/vitejs/vite/commit/e8127166979e7ace6eeaa2c3b733c8994caa31f3",
+    "https://github.com/vitejs/vite/commit/ebb94c5b3bf41950f45562595adec117a4d0ba5e",
+    "https://github.com/vitejs/vite",
+    "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
+    "https://scnps.co/papers/sp23_domclob.pdf"
+  ],
+  "aliases": [
+    "CVE-2024-45812",
+    "GHSA-64vr-g452-qvp3"
+  ],
+  "cve_ids": [
+    "CVE-2024-45812"
+  ],
+  "ghsa_ids": [
+    "GHSA-64vr-g452-qvp3"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=5.4.0, fixed<5.4.6",
+    "introduced=5.3.0, fixed<5.3.6",
+    "introduced=5.2.0, fixed<5.2.14",
+    "introduced=4.0.0, fixed<4.5.4",
+    "introduced=0, fixed<3.2.11",
+    "introduced=5.0.0, fixed<5.1.8"
+  ],
+  "fixed_versions": [
+    "5.4.6",
+    "5.3.6",
+    "5.2.14",
+    "4.5.4",
+    "3.2.11",
+    "5.1.8"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary",
+    "xss-output-encoding",
+    "plugin-extension-trust-policy"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:33:26+00:00",
+  "last_run_id": "vite-vite--CVE-2024-45812-20260318013320",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320",
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-page.json"
+    ],
+    "baseline_title": "Vite XSS Fixture",
+    "proof_title": "Vite XSS Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2025-24010.json

@@ -0,0 +1,101 @@
+{
+  "canonical_id": "vite--CVE-2025-24010",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Websites were able to send any requests to the development server and read the response in vite",
+  "summary": "Websites were able to send any requests to the development server and read the response in vite",
+  "published_at": "2025-01-21T19:52:55Z",
+  "updated_at": "2026-02-04T04:37:03.076966Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-24010",
+    "https://github.com/vitejs/vite"
+  ],
+  "aliases": [
+    "CVE-2025-24010",
+    "GHSA-vg6x-rcgg-rjx6"
+  ],
+  "cve_ids": [
+    "CVE-2025-24010"
+  ],
+  "ghsa_ids": [
+    "GHSA-vg6x-rcgg-rjx6"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=6.0.0, fixed<6.0.9",
+    "introduced=5.0.0, fixed<5.4.12",
+    "introduced=0, fixed<4.5.6"
+  ],
+  "fixed_versions": [
+    "6.0.9",
+    "5.4.12",
+    "4.5.6"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary",
+    "dom-sink-hardening",
+    "token-cookie-storage",
+    "plugin-extension-trust-policy"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "last_verified_at": "2026-03-18T01:33:00+00:00",
+  "last_run_id": "vite-vite--CVE-2025-24010-20260318013254",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254",
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-page.json"
+    ],
+    "baseline_title": "Vite File Upload Fixture",
+    "proof_title": "Vite File Upload Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "local-fixture",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2025-30208.json

@@ -0,0 +1,78 @@
+{
+  "canonical_id": "vite--CVE-2025-30208",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Vite bypasses server.fs.deny when using ?raw??",
+  "summary": "Vite bypasses server.fs.deny when using ?raw??",
+  "published_at": "2025-03-25T14:00:02Z",
+  "updated_at": "2026-02-04T03:13:24.371631Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-30208",
+    "https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4",
+    "https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c",
+    "https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41",
+    "https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca",
+    "https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1",
+    "https://github.com/vitejs/vite"
+  ],
+  "aliases": [
+    "CVE-2025-30208",
+    "GHSA-x574-m823-4x7w"
+  ],
+  "cve_ids": [
+    "CVE-2025-30208"
+  ],
+  "ghsa_ids": [
+    "GHSA-x574-m823-4x7w"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=6.2.0, fixed<6.2.3",
+    "introduced=6.1.0, fixed<6.1.2",
+    "introduced=6.0.0, fixed<6.0.12",
+    "introduced=5.0.0, fixed<5.4.15",
+    "introduced=0, fixed<4.5.10"
+  ],
+  "fixed_versions": [
+    "6.2.3",
+    "6.1.2",
+    "6.0.12",
+    "5.4.15",
+    "4.5.10"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2025-31125.json

@@ -0,0 +1,75 @@
+{
+  "canonical_id": "vite--CVE-2025-31125",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
+  "summary": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
+  "published_at": "2025-03-31T17:31:54Z",
+  "updated_at": "2026-02-04T04:37:24.129476Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-31125",
+    "https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949",
+    "https://github.com/vitejs/vite",
+    "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125"
+  ],
+  "aliases": [
+    "CVE-2025-31125",
+    "GHSA-4r4m-qw57-chr8"
+  ],
+  "cve_ids": [
+    "CVE-2025-31125"
+  ],
+  "ghsa_ids": [
+    "GHSA-4r4m-qw57-chr8"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=6.2.0, fixed<6.2.4",
+    "introduced=6.1.0, fixed<6.1.3",
+    "introduced=6.0.0, fixed<6.0.13",
+    "introduced=5.0.0, fixed<5.4.16",
+    "introduced=0, fixed<4.5.11"
+  ],
+  "fixed_versions": [
+    "6.2.4",
+    "6.1.3",
+    "6.0.13",
+    "5.4.16",
+    "4.5.11"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2025-31486.json

@@ -0,0 +1,76 @@
+{
+  "canonical_id": "vite--CVE-2025-31486",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
+  "summary": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
+  "published_at": "2025-04-04T14:20:05Z",
+  "updated_at": "2026-02-04T03:51:38.412061Z",
+  "severity": "low",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-31486",
+    "https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647",
+    "https://github.com/vitejs/vite",
+    "https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290"
+  ],
+  "aliases": [
+    "CVE-2025-31486",
+    "GHSA-xcj6-pq6g-qj4x"
+  ],
+  "cve_ids": [
+    "CVE-2025-31486"
+  ],
+  "ghsa_ids": [
+    "GHSA-xcj6-pq6g-qj4x"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=6.2.0, fixed<6.2.5",
+    "introduced=6.1.0, fixed<6.1.4",
+    "introduced=6.0.0, fixed<6.0.14",
+    "introduced=5.0.0, fixed<5.4.17",
+    "introduced=0, fixed<4.5.12"
+  ],
+  "fixed_versions": [
+    "6.2.5",
+    "6.1.4",
+    "6.0.14",
+    "5.4.17",
+    "4.5.12"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary",
+    "plugin-extension-trust-policy"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2025-32395.json

@@ -0,0 +1,74 @@
+{
+  "canonical_id": "vite--CVE-2025-32395",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
+  "summary": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
+  "published_at": "2025-04-11T14:06:03Z",
+  "updated_at": "2026-02-04T04:11:44.900383Z",
+  "severity": "medium",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-32395",
+    "https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70",
+    "https://github.com/vitejs/vite"
+  ],
+  "aliases": [
+    "CVE-2025-32395",
+    "GHSA-356w-63v5-8wf4"
+  ],
+  "cve_ids": [
+    "CVE-2025-32395"
+  ],
+  "ghsa_ids": [
+    "GHSA-356w-63v5-8wf4"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=6.2.0, fixed<6.2.6",
+    "introduced=6.1.0, fixed<6.1.5",
+    "introduced=6.0.0, fixed<6.0.15",
+    "introduced=5.0.0, fixed<5.4.18",
+    "introduced=0, fixed<4.5.13"
+  ],
+  "fixed_versions": [
+    "6.2.6",
+    "6.1.5",
+    "6.0.15",
+    "5.4.18",
+    "4.5.13"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2025-46565.json

@@ -0,0 +1,74 @@
+{
+  "canonical_id": "vite--CVE-2025-46565",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Vite's server.fs.deny bypassed with /. for files under project root",
+  "summary": "Vite's server.fs.deny bypassed with /. for files under project root",
+  "published_at": "2025-04-30T17:40:27Z",
+  "updated_at": "2026-02-04T03:27:17.681639Z",
+  "severity": "medium",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-46565",
+    "https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb",
+    "https://github.com/vitejs/vite"
+  ],
+  "aliases": [
+    "CVE-2025-46565",
+    "GHSA-859w-5945-r5v3"
+  ],
+  "cve_ids": [
+    "CVE-2025-46565"
+  ],
+  "ghsa_ids": [
+    "GHSA-859w-5945-r5v3"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=6.3.0, fixed<6.3.4",
+    "introduced=6.2.0, fixed<6.2.7",
+    "introduced=6.0.0, fixed<6.1.6",
+    "introduced=5.0.0, fixed<5.4.19",
+    "introduced=0, fixed<4.5.14"
+  ],
+  "fixed_versions": [
+    "6.3.4",
+    "6.2.7",
+    "6.1.6",
+    "5.4.19",
+    "4.5.14"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2025-58751.json

@@ -0,0 +1,76 @@
+{
+  "canonical_id": "vite--CVE-2025-58751",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Vite middleware may serve files starting with the same name with the public directory",
+  "summary": "Vite middleware may serve files starting with the same name with the public directory",
+  "published_at": "2025-09-09T20:55:56Z",
+  "updated_at": "2026-02-04T04:33:22.508417Z",
+  "severity": "medium",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-58751",
+    "https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb",
+    "https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d",
+    "https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069",
+    "https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec",
+    "https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0",
+    "https://github.com/vitejs/vite"
+  ],
+  "aliases": [
+    "CVE-2025-58751",
+    "GHSA-g4jq-h2w9-997c"
+  ],
+  "cve_ids": [
+    "CVE-2025-58751"
+  ],
+  "ghsa_ids": [
+    "GHSA-g4jq-h2w9-997c"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=7.1.0, fixed<7.1.5",
+    "introduced=7.0.0, fixed<7.0.7",
+    "introduced=6.0.0, fixed<6.3.6",
+    "introduced=0, fixed<5.4.20"
+  ],
+  "fixed_versions": [
+    "7.1.5",
+    "7.0.7",
+    "6.3.6",
+    "5.4.20"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2025-58752.json

@@ -0,0 +1,77 @@
+{
+  "canonical_id": "vite--CVE-2025-58752",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "Vite's `server.fs` settings were not applied to HTML files",
+  "summary": "Vite's `server.fs` settings were not applied to HTML files",
+  "published_at": "2025-09-09T20:54:42Z",
+  "updated_at": "2026-02-04T04:35:16.287471Z",
+  "severity": "medium",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-58752",
+    "https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f",
+    "https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e",
+    "https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea",
+    "https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6",
+    "https://github.com/vitejs/vite",
+    "https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md"
+  ],
+  "aliases": [
+    "CVE-2025-58752",
+    "GHSA-jqfw-vq24-v9c3"
+  ],
+  "cve_ids": [
+    "CVE-2025-58752"
+  ],
+  "ghsa_ids": [
+    "GHSA-jqfw-vq24-v9c3"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=7.1.0, fixed<7.1.5",
+    "introduced=7.0.0, fixed<7.0.7",
+    "introduced=6.0.0, fixed<6.3.6",
+    "introduced=0, fixed<5.4.20"
+  ],
+  "fixed_versions": [
+    "7.1.5",
+    "7.0.7",
+    "6.3.6",
+    "5.4.20"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary",
+    "plugin-extension-trust-policy"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/advisories/vite--CVE-2025-62522.json

@@ -0,0 +1,75 @@
+{
+  "canonical_id": "vite--CVE-2025-62522",
+  "system_id": "vite",
+  "display_name": "Vite",
+  "category": "frameworks",
+  "advisory_mode": "core",
+  "title": "vite allows server.fs.deny bypass via backslash on Windows",
+  "summary": "vite allows server.fs.deny bypass via backslash on Windows",
+  "published_at": "2025-10-20T19:54:28Z",
+  "updated_at": "2026-02-04T04:13:38.886554Z",
+  "severity": "medium",
+  "cvss_score": null,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7",
+  "secondary_source_urls": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2025-62522",
+    "https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed",
+    "https://github.com/vitejs/vite"
+  ],
+  "aliases": [
+    "CVE-2025-62522",
+    "GHSA-93m4-6634-74q7"
+  ],
+  "cve_ids": [
+    "CVE-2025-62522"
+  ],
+  "ghsa_ids": [
+    "GHSA-93m4-6634-74q7"
+  ],
+  "osv_ids": [],
+  "affected_versions": [
+    "introduced=7.1.0, fixed<7.1.11",
+    "introduced=7.0.0, fixed<7.0.8",
+    "introduced=6.0.0, fixed<6.4.1",
+    "introduced=2.9.18, fixed<5.4.21",
+    "introduced=3.2.9, fixed<5.4.21",
+    "introduced=4.5.3, fixed<5.4.21",
+    "introduced=5.2.6, fixed<5.4.21"
+  ],
+  "fixed_versions": [
+    "7.1.11",
+    "7.0.8",
+    "6.4.1",
+    "5.4.21"
+  ],
+  "package_name": "vite",
+  "render_markdown": true,
+  "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md",
+  "secure_code_topics": [
+    "dependency-upgrade-policy",
+    "file-upload-validation",
+    "proxy-trust-boundary"
+  ],
+  "status": "generated",
+  "triage_reasons": [],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": "",
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "vite-file-upload",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [],
+    "source_kinds": [],
+    "candidate_count": 1
+  }
+}

08-threat-intel/registry/runs/gitea-gitea--CVE-2018-15192-20260318023002.json

@@ -0,0 +1,128 @@
+{
+  "run_id": "gitea-gitea--CVE-2018-15192-20260318023002",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2018-15192",
+  "repro_profile_id": "gitea-ssrf",
+  "verification_status": "blocked-artifact",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [],
+  "attack_steps": [],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [],
+  "request_log_refs": [],
+  "compose_refs": [],
+  "timeline": [
+    {
+      "at": "2026-03-18T02:30:02+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2018-15192"
+    },
+    {
+      "at": "2026-03-18T02:30:02+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-ssrf"
+    },
+    {
+      "at": "2026-03-18T02:42:30+00:00",
+      "step": "doctor",
+      "status": "failed",
+      "detail": "chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.\nCall log:\n  - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window\n  - <launched> pid=25167\n"
+    },
+    {
+      "at": "2026-03-18T02:42:30+00:00",
+      "step": "provision-compose-environment",
+      "status": "blocked-artifact",
+      "detail": "chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.\nCall log:\n  - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window\n  - <launched> pid=25167\n"
+    },
+    {
+      "at": "2026-03-18T02:42:30+00:00",
+      "step": "wait-ready",
+      "status": "skipped",
+      "detail": "provisioning blocked"
+    },
+    {
+      "at": "2026-03-18T02:42:30+00:00",
+      "step": "seed-environment",
+      "status": "skipped",
+      "detail": "runtime steps unavailable"
+    },
+    {
+      "at": "2026-03-18T02:42:30+00:00",
+      "step": "baseline-snapshot",
+      "status": "skipped",
+      "detail": "no baseline urls or provisioning blocked"
+    },
+    {
+      "at": "2026-03-18T02:42:30+00:00",
+      "step": "controlled-attack-chain",
+      "status": "skipped",
+      "detail": "provisioning blocked"
+    },
+    {
+      "at": "2026-03-18T02:42:30+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "skipped",
+      "detail": "container_logs=0"
+    },
+    {
+      "at": "2026-03-18T02:42:30+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "skipped",
+      "detail": "cleanup_policy not destroy"
+    },
+    {
+      "at": "2026-03-18T02:42:30+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2018-15192-20260318023002"
+    }
+  ],
+  "success_evaluation": {
+    "passed": false,
+    "verification_status": "blocked-artifact",
+    "blocked_reason": "chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.\nCall log:\n  - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window\n  - <launched> pid=25167\n",
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": false,
+        "detail": "baseline checks were incomplete"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": false,
+        "detail": "runner did not confirm success"
+      }
+    ]
+  },
+  "historical_status": "blocked-artifact",
+  "latest_status": "blocked-artifact",
+  "started_at": "2026-03-18T02:30:02+00:00",
+  "finished_at": "2026-03-18T02:42:30+00:00",
+  "blocked_reason": "chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.\nCall log:\n  - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window\n  - <launched> pid=25167\n",
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/timeline.mmd"
+  }
+}

08-threat-intel/registry/runs/gitea-gitea--CVE-2018-15192-20260318034620.json

@@ -0,0 +1,145 @@
+{
+  "run_id": "gitea-gitea--CVE-2018-15192-20260318034620",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2018-15192",
+  "repro_profile_id": "gitea-ssrf",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.ssrf",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/attack.json"
+    }
+  ],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T03:46:20+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2018-15192"
+    },
+    {
+      "at": "2026-03-18T03:46:20+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-ssrf"
+    },
+    {
+      "at": "2026-03-18T03:46:21+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T03:46:23+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:46:23+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T03:46:23+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:46:23+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T03:46:23+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:46:23+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T03:46:25+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T03:46:25+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2018-15192-20260318034620"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "server-side callback reached the local sink"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T03:46:20+00:00",
+  "finished_at": "2026-03-18T03:46:25+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/timeline.mmd"
+  }
+}

08-threat-intel/registry/runs/gitea-gitea--CVE-2018-15192-20260318034932.json

@@ -0,0 +1,145 @@
+{
+  "run_id": "gitea-gitea--CVE-2018-15192-20260318034932",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2018-15192",
+  "repro_profile_id": "gitea-ssrf",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.ssrf",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/attack.json"
+    }
+  ],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T03:49:32+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2018-15192"
+    },
+    {
+      "at": "2026-03-18T03:49:32+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-ssrf"
+    },
+    {
+      "at": "2026-03-18T03:49:33+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T03:49:35+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:49:35+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T03:49:35+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:49:35+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T03:49:35+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:49:36+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T03:49:37+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T03:49:37+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2018-15192-20260318034932"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "server-side callback reached the local sink"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T03:49:32+00:00",
+  "finished_at": "2026-03-18T03:49:37+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/timeline.mmd"
+  }
+}

08-threat-intel/registry/runs/gitea-gitea--CVE-2018-15192-20260318035123.json

@@ -0,0 +1,145 @@
+{
+  "run_id": "gitea-gitea--CVE-2018-15192-20260318035123",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2018-15192",
+  "repro_profile_id": "gitea-ssrf",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.ssrf",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json"
+    }
+  ],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null,
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T03:51:23+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2018-15192"
+    },
+    {
+      "at": "2026-03-18T03:51:23+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-ssrf"
+    },
+    {
+      "at": "2026-03-18T03:51:23+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T03:51:27+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:51:27+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T03:51:27+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:51:27+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T03:51:27+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:51:28+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T03:51:29+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T03:51:29+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2018-15192-20260318035123"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "server-side callback reached the local sink"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T03:51:23+00:00",
+  "finished_at": "2026-03-18T03:51:29+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/timeline.mmd"
+  }
+}

08-threat-intel/registry/runs/gitea-gitea--CVE-2018-18926-20260318034937.json

@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2018-18926-20260318034937",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2018-18926",
+  "repro_profile_id": "gitea-proxy-boundary",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Proxy Boundary Fixture",
+    "proof_title": "Gitea Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T03:49:37+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2018-18926"
+    },
+    {
+      "at": "2026-03-18T03:49:37+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-proxy-boundary"
+    },
+    {
+      "at": "2026-03-18T03:49:38+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T03:49:41+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:49:41+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T03:49:41+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:49:41+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T03:49:42+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:49:42+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:49:42+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:49:43+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T03:49:44+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T03:49:44+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2018-18926-20260318034937"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "trusted forwarded headers crossed the boundary"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T03:49:37+00:00",
+  "finished_at": "2026-03-18T03:49:44+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/timeline.mmd"
+  }
+}

08-threat-intel/registry/runs/gitea-gitea--CVE-2018-18926-20260318035129.json

@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2018-18926-20260318035129",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2018-18926",
+  "repro_profile_id": "gitea-proxy-boundary",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Proxy Boundary Fixture",
+    "proof_title": "Gitea Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T03:51:29+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2018-18926"
+    },
+    {
+      "at": "2026-03-18T03:51:29+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-proxy-boundary"
+    },
+    {
+      "at": "2026-03-18T03:51:29+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T03:51:32+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:51:32+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T03:51:32+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:51:32+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T03:51:33+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:51:33+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:51:34+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:51:34+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T03:51:35+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T03:51:35+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2018-18926-20260318035129"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "trusted forwarded headers crossed the boundary"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T03:51:29+00:00",
+  "finished_at": "2026-03-18T03:51:35+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/timeline.mmd"
+  }
+}

08-threat-intel/registry/runs/gitea-gitea--CVE-2019-1010261-20260318034944.json

@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2019-1010261-20260318034944",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2019-1010261",
+  "repro_profile_id": "gitea-xss",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.xss",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Stored XSS Fixture",
+    "proof_title": "Gitea Stored XSS Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T03:49:44+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2019-1010261"
+    },
+    {
+      "at": "2026-03-18T03:49:44+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-xss"
+    },
+    {
+      "at": "2026-03-18T03:49:45+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T03:49:47+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:49:47+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T03:49:47+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:49:47+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T03:49:48+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:49:48+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:49:49+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:49:49+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T03:49:51+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T03:49:51+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2019-1010261-20260318034944"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "stored payload rendered inside the browser proof page"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T03:49:44+00:00",
+  "finished_at": "2026-03-18T03:49:51+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/timeline.mmd"
+  }
+}

08-threat-intel/registry/runs/gitea-gitea--CVE-2019-1010261-20260318035135.json

@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2019-1010261-20260318035135",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2019-1010261",
+  "repro_profile_id": "gitea-xss",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.xss",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Stored XSS Fixture",
+    "proof_title": "Gitea Stored XSS Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T03:51:35+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2019-1010261"
+    },
+    {
+      "at": "2026-03-18T03:51:35+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-xss"
+    },
+    {
+      "at": "2026-03-18T03:51:36+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T03:51:38+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:51:38+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T03:51:38+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:51:38+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T03:51:39+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:51:39+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:51:40+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:51:40+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T03:51:42+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T03:51:42+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2019-1010261-20260318035135"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "stored payload rendered inside the browser proof page"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T03:51:35+00:00",
+  "finished_at": "2026-03-18T03:51:42+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/timeline.mmd"
+  }
+}

08-threat-intel/registry/runs/gitea-gitea--CVE-2020-13246-20260318013607.json

@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2020-13246-20260318013607",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2020-13246",
+  "repro_profile_id": "gitea-proxy-boundary",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Proxy Boundary Fixture",
+    "proof_title": "Gitea Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:36:07+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2020-13246"
+    },
+    {
+      "at": "2026-03-18T01:36:07+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-proxy-boundary"
+    },
+    {
+      "at": "2026-03-18T01:36:07+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:36:10+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:36:10+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:36:10+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:36:10+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:36:11+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:36:11+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:36:11+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:36:12+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:36:13+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:36:13+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2020-13246-20260318013607"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "trusted forwarded headers crossed the boundary"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:36:07+00:00",
+  "finished_at": "2026-03-18T01:36:13+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318013607/timeline.mmd"
+  }
+}

08-threat-intel/registry/runs/gitea-gitea--CVE-2020-13246-20260318014256.json

@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2020-13246-20260318014256",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2020-13246",
+  "repro_profile_id": "gitea-proxy-boundary",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Proxy Boundary Fixture",
+    "proof_title": "Gitea Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T01:42:56+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2020-13246"
+    },
+    {
+      "at": "2026-03-18T01:42:56+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-proxy-boundary"
+    },
+    {
+      "at": "2026-03-18T01:42:57+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T01:43:00+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:43:00+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T01:43:00+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:43:00+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T01:43:01+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:43:01+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T01:43:01+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T01:43:02+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T01:43:03+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T01:43:03+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2020-13246-20260318014256"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "trusted forwarded headers crossed the boundary"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T01:42:56+00:00",
+  "finished_at": "2026-03-18T01:43:03+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318014256/timeline.mmd"
+  }
+}

08-threat-intel/registry/runs/gitea-gitea--CVE-2020-13246-20260318034951.json

@@ -0,0 +1,197 @@
+{
+  "run_id": "gitea-gitea--CVE-2020-13246-20260318034951",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2020-13246",
+  "repro_profile_id": "gitea-proxy-boundary",
+  "verification_status": "verified-real",
+  "verification_mode": "real",
+  "artifact_mode": "local-fixture",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/baseline.json"
+  ],
+  "attack_steps": [
+    {
+      "kind": "runner",
+      "tool": "gitea.proxy-boundary",
+      "status": "completed",
+      "status_code": 200,
+      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/attack.json"
+    }
+  ],
+  "browser_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/baseline.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/baseline-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/baseline-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/baseline-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/baseline-page.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/proof.png",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/proof-dom.html",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/proof-console.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/proof-network.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/proof-page.json"
+  ],
+  "browser_evidence": {
+    "required": true,
+    "present": true,
+    "refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/baseline-page.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/proof-page.json"
+    ],
+    "baseline_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/baseline.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/baseline-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/baseline-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/baseline-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/baseline-page.json"
+    ],
+    "proof_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/proof.png",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/assets/proof-dom.html",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/proof-console.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/proof-network.json",
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/proof-page.json"
+    ],
+    "baseline_title": "Gitea Proxy Boundary Fixture",
+    "proof_title": "Gitea Proxy Boundary Fixture - proof",
+    "error_kind": null,
+    "reason": null
+  },
+  "container_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/docker/app.log"
+  ],
+  "request_log_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/attack.json",
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/logs/baseline.json"
+  ],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-18T03:49:51+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2020-13246"
+    },
+    {
+      "at": "2026-03-18T03:49:51+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "gitea-proxy-boundary"
+    },
+    {
+      "at": "2026-03-18T03:49:51+00:00",
+      "step": "doctor",
+      "status": "completed",
+      "detail": "all checks passed"
+    },
+    {
+      "at": "2026-03-18T03:49:54+00:00",
+      "step": "provision-compose-environment",
+      "status": "ready",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:49:54+00:00",
+      "step": "wait-ready",
+      "status": "completed",
+      "detail": "baseline urls ready (1)"
+    },
+    {
+      "at": "2026-03-18T03:49:54+00:00",
+      "step": "seed-environment",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:49:54+00:00",
+      "step": "baseline-snapshot",
+      "status": "completed",
+      "detail": "urls=1"
+    },
+    {
+      "at": "2026-03-18T03:49:55+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:49:55+00:00",
+      "step": "controlled-attack-chain",
+      "status": "completed",
+      "detail": "steps=1"
+    },
+    {
+      "at": "2026-03-18T03:49:56+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "completed",
+      "detail": ""
+    },
+    {
+      "at": "2026-03-18T03:49:56+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "completed",
+      "detail": "container_logs=1"
+    },
+    {
+      "at": "2026-03-18T03:49:57+00:00",
+      "step": "cleanup-compose-environment",
+      "status": "completed",
+      "detail": "docker compose down completed"
+    },
+    {
+      "at": "2026-03-18T03:49:57+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-gitea--CVE-2020-13246-20260318034951"
+    }
+  ],
+  "success_evaluation": {
+    "passed": true,
+    "verification_status": "verified-real",
+    "blocked_reason": null,
+    "assertions": [
+      {
+        "name": "baseline-ok",
+        "kind": "baseline-ok",
+        "passed": true,
+        "detail": "baseline URLs responded without 5xx or transport errors"
+      },
+      {
+        "name": "runner-success",
+        "kind": "runner-success",
+        "passed": true,
+        "detail": "trusted forwarded headers crossed the boundary"
+      },
+      {
+        "name": "browser-present",
+        "kind": "browser-present",
+        "passed": true,
+        "detail": "browser evidence captured"
+      }
+    ]
+  },
+  "historical_status": "verified-real",
+  "latest_status": "verified-real",
+  "started_at": "2026-03-18T03:49:51+00:00",
+  "finished_at": "2026-03-18T03:49:57+00:00",
+  "blocked_reason": null,
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318034951/timeline.mmd"
+  }
+}