hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 489 个文件 - 2026-03-26 16:06:46

浏览代码
这个提交包含在:
hao
2026-03-26 16:06:46 -07:00
父节点 1e447fe97f
当前提交 1f7a3d6c60
修改 489 个文件,包含 36042 行新增4391 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

2
07-framework-security/cms/directus/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `29`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/cms/discourse/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `30`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/cms/drupal/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `70`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/cms/ghost/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `23`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/cms/joomla/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `100`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/cms/mediawiki/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `70`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/cms/moodle/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `40`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/cms/strapi/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `26`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/cms/wordpress/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `140`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/ecommerce/adobe-commerce/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `81`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/ecommerce/magento-open-source/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `89`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/ecommerce/medusa/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `15`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/ecommerce/opencart/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `100`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/ecommerce/openmage/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `27`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

12
07-framework-security/ecommerce/prestashop/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `prestashop`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `112`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `114`
- 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `2`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `112`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 待人工/缺浏览器证据: `114`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束
@@ -34,6 +34,8 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-25T19:48:31.156136Z` | [link](/Users/x/websafe/07-framework-security/ecommerce/prestashop/cases/prestashop-cve-2026-33673.md) |
| PrestaShop: Improper Use of Validation Framework | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-25T19:49:27.843572Z` | [link](/Users/x/websafe/07-framework-security/ecommerce/prestashop/cases/prestashop-cve-2026-33674.md) |
| CVE-2020-5294 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:51.140` | - |
| CVE-2020-5273 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:48.777` | - |
| CVE-2020-5266 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:47.980` | - |

183
07-framework-security/ecommerce/prestashop/cases/prestashop-cve-2026-33673.md 普通文件
查看文件

@@ -0,0 +1,183 @@
---
title: "PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables"
system_id: "prestashop"
category: "ecommerce"
advisory_mode: "core"
published_date: "2026-03-25T19:41:50Z"
updated_date: "2026-03-25T19:48:31.156136Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "ecosystem-authority"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "official-image"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-33673"
- "GHSA-35pf-37c6-jxjv"
affected_versions:
- "9.0.0"
- "9.0.0-alpha.1"
- "9.0.0-beta.1"
- "9.0.0-rc.1"
- "9.0.1"
- "9.0.2"
- "9.0.3"
- "9.1.0-beta.1"
- "9.1.0-rc.1"
- "1.7.0.0"
- "1.7.0.0-beta.1.0"
- "1.7.0.0-beta.2.0"
- "1.7.0.0-beta.3.0"
- "1.7.0.0-beta.4.0"
- "1.7.0.0-rc.0.0"
- "1.7.0.0-rc.1.0"
- "1.7.0.0-rc.2.0"
- "1.7.0.1"
- "1.7.0.2"
- "1.7.0.3"
fixed_versions:
- "9.1.0"
- "8.2.5"
entity_refs:
- "prestashop:system:root-system"
- "prestashop--package--prestashop-prestashop:package:affected-component"
secure_code_topics:
- "plugin-extension-trust-policy"
- "authz-server-side-recheck"
- "file-upload-validation"
- "xss-output-encoding"
primary_source: "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv"
---
# PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `official-image`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `prestashop--CVE-2026-33673`
- 系统: `prestashop`
- 严重度: `low`
- 来源置信度: `ecosystem-authority`
- 官方主源: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv
- 影响版本: `9.0.0, 9.0.0-alpha.1, 9.0.0-beta.1, 9.0.0-rc.1, 9.0.1, 9.0.2, 9.0.3, 9.1.0-beta.1, 9.1.0-rc.1, 1.7.0.0`
- 修复版本: `9.1.0, 8.2.5`
## 对象与版本映射
- Advisory Scope: `package`
- 影响对象: `prestashop / prestashop`
- Entity Refs: `prestashop, prestashop--package--prestashop-prestashop`
- 版本置信度: `high`
- 版本缺口: `-`
- 版本证据源: `https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv, https://github.com/PrestaShop/PrestaShop, https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5, https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0`
## 受控验证流程
- Workflow ID: `prestashop--CVE-2026-33673--workflow`
- 漏洞家族: `xss`
- 入口面: `web-ui-render-path`
- 需要角色: `editor-or-admin`
- 触发向量: 对 `xss` 家族入口投递最小化、可审计、可回滚的受控输入,比较修复前后差异。
- 请求/页面入口: `/admin/editor, /preview, /rendered-content`
- 输入形态: 受控 HTML/Markdown/富文本输入,观察渲染上下文是否失去编码或净化。
- 预期不安全行为: 输入在目标上下文执行或被浏览器解释为主动内容。
## 其他来源
- https://github.com/PrestaShop/PrestaShop
- https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
- https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
## 证据点与补丁验证
### 服务端证据点
- 应用日志中的命中路径、鉴权决策和异常栈
- 反向代理或边界层日志中的请求头、来源 IP 与路由决策
### 浏览器证据点
- 基线截图与攻击后截图的 DOM/视觉差异
- console、network 与 response metadata 中的异常信号
### 数据库/文件系统证据点
- 数据库中新增/越权读取的测试数据
- 文件系统中新增上传样本、缓存条目或越权读取痕迹
### 检测信号
- WAF / reverse proxy 异常日志、访问日志和告警
- 应用审计日志中的权限错误、重定向异常、模板渲染或上传落盘事件
### 补丁验证步骤
- 确认目标版本从 `9.0.0, 9.0.0-alpha.1, 9.0.0-beta.1` 升级或回移到 `9.1.0`
- 保留同一组受控输入,在修复前后分别执行并比对响应、日志与浏览器证据。
- 确认修复后仅保留预期业务行为,不再触发越权、回显、异常渲染或错误请求。
- 补充 `xss` 族自动化回归,避免同类路径在插件、主题或代理链中回归。
### 实验安全备注
- 只使用回环地址、哨兵目标、无害样本或可回滚测试数据。
- 禁止造成持久破坏、越权下载真实数据或不可回滚 side effect。
- 如需浏览器证据,保留 baseline / proof 两份快照以及 console / network 记录。
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)

174
07-framework-security/ecommerce/prestashop/cases/prestashop-cve-2026-33674.md 普通文件
查看文件

@@ -0,0 +1,174 @@
---
title: "PrestaShop: Improper Use of Validation Framework"
system_id: "prestashop"
category: "ecommerce"
advisory_mode: "core"
published_date: "2026-03-25T19:40:42Z"
updated_date: "2026-03-25T19:49:27.843572Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "ecosystem-authority"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "official-image"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-33674"
- "GHSA-283w-xf3q-788v"
affected_versions:
- "1.7.0.0"
- "1.7.0.0-beta.1.0"
- "1.7.0.0-beta.2.0"
- "1.7.0.0-beta.3.0"
- "1.7.0.0-beta.4.0"
- "1.7.0.0-rc.0.0"
- "1.7.0.0-rc.1.0"
- "1.7.0.0-rc.2.0"
- "1.7.0.1"
- "1.7.0.2"
- "1.7.0.3"
- "1.7.0.4"
- "1.7.0.5"
- "1.7.0.6"
- "1.7.1.0"
- "1.7.1.1"
- "1.7.1.2"
- "1.7.2.0"
- "1.7.2.0-rc.1.0"
- "1.7.2.1"
fixed_versions:
- "8.2.5"
- "9.1.0"
entity_refs:
- "prestashop:system:root-system"
- "prestashop--package--prestashop-prestashop:package:affected-component"
secure_code_topics:
- "plugin-extension-trust-policy"
- "authz-server-side-recheck"
- "file-upload-validation"
primary_source: "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v"
---
# PrestaShop: Improper Use of Validation Framework
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `official-image`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `prestashop--CVE-2026-33674`
- 系统: `prestashop`
- 严重度: `low`
- 来源置信度: `ecosystem-authority`
- 官方主源: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v
- 影响版本: `1.7.0.0, 1.7.0.0-beta.1.0, 1.7.0.0-beta.2.0, 1.7.0.0-beta.3.0, 1.7.0.0-beta.4.0, 1.7.0.0-rc.0.0, 1.7.0.0-rc.1.0, 1.7.0.0-rc.2.0, 1.7.0.1, 1.7.0.2`
- 修复版本: `8.2.5, 9.1.0`
## 对象与版本映射
- Advisory Scope: `package`
- 影响对象: `prestashop / prestashop`
- Entity Refs: `prestashop, prestashop--package--prestashop-prestashop`
- 版本置信度: `high`
- 版本缺口: `-`
- 版本证据源: `https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v, https://github.com/PrestaShop/PrestaShop, https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5, https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0`
## 受控验证流程
- Workflow ID: `prestashop--CVE-2026-33674--workflow`
- 漏洞家族: `unknown`
- 入口面: `package-surface`
- 需要角色: `unknown`
- 触发向量: 对 `unknown` 家族入口投递最小化、可审计、可回滚的受控输入,比较修复前后差异。
- 请求/页面入口: `/package`
- 输入形态: 提交最小化、可审计、可回滚的受控输入。
- 预期不安全行为: 目标表现出超出设计边界的行为。
## 其他来源
- https://github.com/PrestaShop/PrestaShop
- https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
- https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
## 证据点与补丁验证
### 服务端证据点
- 应用日志中的命中路径、鉴权决策和异常栈
- 反向代理或边界层日志中的请求头、来源 IP 与路由决策
### 浏览器证据点
- 基线截图与攻击后截图的 DOM/视觉差异
- console、network 与 response metadata 中的异常信号
### 数据库/文件系统证据点
- 数据库中新增/越权读取的测试数据
- 文件系统中新增上传样本、缓存条目或越权读取痕迹
### 检测信号
- WAF / reverse proxy 异常日志、访问日志和告警
- 应用审计日志中的权限错误、重定向异常、模板渲染或上传落盘事件
### 补丁验证步骤
- 确认目标版本从 `1.7.0.0, 1.7.0.0-beta.1.0, 1.7.0.0-beta.2.0` 升级或回移到 `8.2.5`
- 保留同一组受控输入,在修复前后分别执行并比对响应、日志与浏览器证据。
- 确认修复后仅保留预期业务行为,不再触发越权、回显、异常渲染或错误请求。
- 补充 `unknown` 族自动化回归,避免同类路径在插件、主题或代理链中回归。
### 实验安全备注
- 只使用回环地址、哨兵目标、无害样本或可回滚测试数据。
- 禁止造成持久破坏、越权下载真实数据或不可回滚 side effect。
- 如需浏览器证据,保留 baseline / proof 两份快照以及 console / network 记录。
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)

2
07-framework-security/ecommerce/saleor/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `24`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/ecommerce/shopware/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `71`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/ecommerce/woocommerce/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `111`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/angular/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

4
07-framework-security/frameworks/aspnet-core/INDEX.md
查看文件

@@ -6,13 +6,13 @@
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `3`
- 近 30 天新增/更新: `3`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/astro/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `14`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

4
07-framework-security/frameworks/django/INDEX.md
查看文件

@@ -6,13 +6,13 @@
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `82`
- 近 30 天新增/更新: `5`
- 近 30 天新增/更新: `3`
- 重点 Markdown 案例数: `5`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `82`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/echo/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/esbuild/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/express/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

11
07-framework-security/frameworks/fastify/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `fastify`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 总案例数: `2`
- 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `2`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束
@@ -31,4 +31,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-25T19:48:38.788319Z` | [link](/Users/x/websafe/07-framework-security/frameworks/fastify/cases/fastify-cve-2026-3635.md) |
| Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16T03:05:26.332715Z` | [link](/Users/x/websafe/07-framework-security/frameworks/fastify/cases/fastify-cve-2026-3419.md) |

166
07-framework-security/frameworks/fastify/cases/fastify-cve-2026-3635.md 普通文件
查看文件

@@ -0,0 +1,166 @@
---
title: "fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections"
system_id: "fastify"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-25T19:32:28Z"
updated_date: "2026-03-25T19:48:38.788319Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-3635"
- "GHSA-444r-cwp2-x5xf"
affected_versions:
- "introduced=0, fixed<5.8.3"
fixed_versions:
- "5.8.3"
entity_refs:
- "fastify:system:root-system"
- "fastify--project--fastify:project:affected-component"
secure_code_topics:
- "proxy-trust-boundary"
- "ssrf-url-validation"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf"
---
# fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `fastify--CVE-2026-3635`
- 系统: `fastify`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf
- 影响版本: `introduced=0, fixed<5.8.3`
- 修复版本: `5.8.3`
## 对象与版本映射
- Advisory Scope: `package`
- 影响对象: `fastify`
- Entity Refs: `fastify, fastify--project--fastify`
- 版本置信度: `high`
- 版本缺口: `-`
- 版本证据源: `https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf, https://nvd.nist.gov/vuln/detail/CVE-2026-3635, https://cna.openjsf.org/security-advisories.html, https://github.com/fastify/fastify, https://github.com/fastify/fastify/releases/tag/v5.8.3`
## 受控验证流程
- Workflow ID: `fastify--CVE-2026-3635--workflow`
- 漏洞家族: `proxy-boundary`
- 入口面: `proxy-header-or-trust-boundary`
- 需要角色: `reverse-proxy-or-edge-client`
- 触发向量: 对 `proxy-boundary` 家族入口投递最小化、可审计、可回滚的受控输入,比较修复前后差异。
- 请求/页面入口: `/middleware, /x-forwarded-* trust path`
- 输入形态: 提交受控代理头或来源头,验证信任边界和回源鉴权。
- 预期不安全行为: 仅凭代理头即可越过鉴权或来源控制。
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-3635
- https://cna.openjsf.org/security-advisories.html
- https://github.com/fastify/fastify
- https://github.com/fastify/fastify/releases/tag/v5.8.3
- https://www.cve.org/CVERecord?id=CVE-2026-3635
## 证据点与补丁验证
### 服务端证据点
- 应用日志中的命中路径、鉴权决策和异常栈
- 反向代理或边界层日志中的请求头、来源 IP 与路由决策
### 浏览器证据点
- 基线截图与攻击后截图的 DOM/视觉差异
- console、network 与 response metadata 中的异常信号
### 数据库/文件系统证据点
- 数据库中新增/越权读取的测试数据
- 文件系统中新增上传样本、缓存条目或越权读取痕迹
### 检测信号
- WAF / reverse proxy 异常日志、访问日志和告警
- 应用审计日志中的权限错误、重定向异常、模板渲染或上传落盘事件
- 上游代理与应用层对 Content-Length / Transfer-Encoding / forwarded headers 的解释差异
### 补丁验证步骤
- 确认目标版本从 `introduced=0, fixed<5.8.3` 升级或回移到 `5.8.3`
- 保留同一组受控输入,在修复前后分别执行并比对响应、日志与浏览器证据。
- 确认修复后仅保留预期业务行为,不再触发越权、回显、异常渲染或错误请求。
- 补充 `proxy-boundary` 族自动化回归,避免同类路径在插件、主题或代理链中回归。
### 实验安全备注
- 只使用回环地址、哨兵目标、无害样本或可回滚测试数据。
- 禁止造成持久破坏、越权下载真实数据或不可回滚 side effect。
- 如需浏览器证据,保留 baseline / proof 两份快照以及 console / network 记录。
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

4
07-framework-security/frameworks/flask/INDEX.md
查看文件

@@ -6,13 +6,13 @@
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/gin/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/hapi/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/koa/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/laravel/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/nestjs/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

4
07-framework-security/frameworks/nextjs/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `40`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束
@@ -36,7 +36,7 @@
| Next.js: Unbounded next/image disk cache growth can exhaust storage | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:47:09.413134Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md) |
| Next.js: Unbounded postponed resume buffering can lead to DoS | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:48:06.587119Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md) |
| Next.js: null origin can bypass Server Actions CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:31:23.523529Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md) |
| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:32:38.608475Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |
| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-25T19:49:01.129152Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |
| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |

2
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md
查看文件

@@ -4,7 +4,7 @@ system_id: "nextjs"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-17T15:29:48Z"
updated_date: "2026-03-19T18:32:38.608475Z"
updated_date: "2026-03-25T19:49:01.129152Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"

2
07-framework-security/frameworks/nodejs/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `8`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/nuxt/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `28`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/rails/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `42`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/react/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `21`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/spring-boot/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/spring-framework/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `11`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

4
07-framework-security/frameworks/spring-security/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `4`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束
@@ -32,7 +32,7 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Spring Security HTTP Headers Are not Written Under Some Conditions | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-20T20:46:26.164998Z` | [link](/Users/x/websafe/07-framework-security/frameworks/spring-security/cases/spring-security-cve-2026-22732.md) |
| Spring Security HTTP Headers Are not Written Under Some Conditions | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-25T19:59:15.827722Z` | [link](/Users/x/websafe/07-framework-security/frameworks/spring-security/cases/spring-security-cve-2026-22732.md) |
| Spring Security Advisories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Spring Security | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

2
07-framework-security/frameworks/spring-security/cases/spring-security-cve-2026-22732.md
查看文件

@@ -4,7 +4,7 @@ system_id: "spring-security"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-20T00:31:28Z"
updated_date: "2026-03-20T20:46:26.164998Z"
updated_date: "2026-03-25T19:59:15.827722Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "ecosystem-authority"

4
07-framework-security/frameworks/sveltekit/INDEX.md
查看文件

@@ -6,13 +6,13 @@
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `3`
- 近 30 天新增/更新: `3`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `3`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/symfony/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `9`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/undici/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `9`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/vite/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `30`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/vue/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `15`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/frameworks/webpack/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

4
07-framework-security/frameworks/werkzeug/INDEX.md
查看文件

@@ -6,13 +6,13 @@
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/platforms/adminer/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/platforms/gitea/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `13`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

9
07-framework-security/platforms/gitlab-ce/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `gitlab-ce`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `55`
- 近 30 天新增/更新: `0`
- 总案例数: `56`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `55`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 待人工/缺浏览器证据: `56`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束
@@ -33,6 +33,7 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| GitLab Patch Release: 18.10.1, 18.9.3, 18.8.7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-03-25T00:00:00+00:00` | - |
| MIT License | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| View all Solutions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| AI-Assisted Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

2
07-framework-security/platforms/grafana/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `60`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/platforms/jenkins/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `60`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/platforms/kibana/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `47`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

4
07-framework-security/platforms/mattermost/INDEX.md
查看文件

@@ -6,13 +6,13 @@
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `31`
- 近 30 天新增/更新: `30`
- 近 30 天新增/更新: `19`
- 重点 Markdown 案例数: `31`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `31`
- 最近渲染时间: `2026-03-24T09:18:19+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/platforms/phpmyadmin/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `50`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/platforms/redmine/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `50`
- 最近渲染时间: `2026-03-24T09:18:19+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/servers/apache-httpd/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `135`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/servers/apache-tomcat/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `136`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/servers/caddy/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `29`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/servers/haproxy/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `7`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/servers/nginx/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `110`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

2
07-framework-security/servers/traefik/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `45`
- 最近渲染时间: `2026-03-24T09:18:18+00:00`
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
## 目标约束

10
08-threat-intel/generated/coverage-matrix.md
查看文件

@@ -17,12 +17,12 @@
| Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2024-05-20T16:03:47Z` |
| esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-04T02:50:58.022803Z` |
| Express | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-17T19:40:55.690` |
| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-16T03:05:26.332715Z` |
| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-25T19:48:38.788319Z` |
| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-23T23:43:45.778179Z` |
| Ghost | `cms` | `history-full` | `yes` | `yes` | `23` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-14T10:41:18.820930Z` |
| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `13` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `55` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `56` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-25T00:00:00+00:00` |
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Hapi | `frameworks` | `history-full` | `yes` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2020-08-31T19:00:56Z` |
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `7` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `Wed, 25 Feb 2026 14:00:00 +0000` |
@@ -37,14 +37,14 @@
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-19T18:48:06.587119Z` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-25T19:49:01.129152Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` |
| OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `100` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `100` | `2025-05-15T19:15:54.980` |
| OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `27` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `` |
| phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `50` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` |
| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `112` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `112` | `2025-04-12T10:46:40.837` |
| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `114` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `112` | `2026-03-25T19:49:27.843572Z` |
| Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `42` | `10` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `32` | `2025-05-01T18:49:06.777708Z` |
| React | `frameworks` | `history-full` | `yes` | `yes` | `21` | `3` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `18` | `2023-11-08T04:00:21.209483Z` |
| Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `50` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` |
@@ -52,7 +52,7 @@
| Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `71` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `71` | `2025-04-20T01:37:25.860` |
| Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-13T21:59:19.426456Z` |
| Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `11` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `11` | `` |
| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `4` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `3` | `2026-03-20T20:46:26.164998Z` |
| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `4` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `3` | `2026-03-25T19:59:15.827722Z` |
| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `26` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `26` | `` |
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `3` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T06:27:26.115188Z` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `9` | `9` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:16:14.858636Z` |

1462
08-threat-intel/generated/dashboard/advisories.json
查看文件

文件差异因一行或多行过长而隐藏

14
08-threat-intel/generated/dashboard/architecture.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-24T09:18:20+00:00",
"generated_at": "2026-03-26T10:20:35+00:00",
"title": "\u5f53\u524d\u67b6\u6784\u5e93",
"summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
"sections": [
@@ -27,7 +27,7 @@
},
{
"label": "\u5df2\u7f16\u76ee\u5b9e\u4f53",
"value": "109"
"value": "110"
},
{
"label": "\u53d1\u73b0 backlog",
@@ -39,7 +39,7 @@
},
{
"label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
"value": "2415"
"value": "2419"
}
],
"fields": [
@@ -57,7 +57,7 @@
},
{
"label": "\u751f\u6210\u65f6\u95f4",
"value": "2026-03-24T09:18:20+00:00"
"value": "2026-03-26T10:20:35+00:00"
}
],
"links": [
@@ -5973,7 +5973,7 @@
},
{
"label": "Advisory \u6570",
"value": "2415"
"value": "2419"
},
{
"label": "\u72b6\u6001\u7c7b\u578b",
@@ -5992,7 +5992,7 @@
"items": [
{
"title": "\u4eba\u5de5\u5206\u8bca",
"summary": "\u5f53\u524d\u7d2f\u8ba1 2326 \u6761\u3002",
"summary": "\u5f53\u524d\u7d2f\u8ba1 2330 \u6761\u3002",
"open": false,
"fields": [
{
@@ -6001,7 +6001,7 @@
},
{
"label": "\u6570\u91cf",
"value": "2326"
"value": "2330"
}
]
},

86
08-threat-intel/generated/dashboard/data/completeness.json
查看文件

@@ -1,7 +1,7 @@
{
"generated_at": "2026-03-24T09:18:20+00:00",
"generated_at": "2026-03-26T10:20:35+00:00",
"advisory_total": 89,
"registry_advisory_total": 2415,
"registry_advisory_total": 2419,
"scope": "latest-run-backed-advisories",
"latest_statuses": {
"verified-real": 89
@@ -175,19 +175,19 @@
"active_source_count": 102,
"green_source_count": 102,
"failure_count": 0,
"last_fully_green_run": "2026-03-24T09:17:44+00:00",
"last_fully_green_run": "2026-03-26T10:20:18+00:00",
"open_alert_count": 0,
"resolved_alert_count": 101
},
"entity_coverage": {
"generated_at": "2026-03-24T09:18:19+00:00",
"cataloged_entity_total": 109,
"generated_at": "2026-03-26T10:20:34+00:00",
"cataloged_entity_total": 110,
"candidate_entity_total": 7,
"history_full_complete_count": 40,
"latest_green_count": 99,
"workflow_complete_count": 99,
"version_mapped_count": 51,
"official_source_covered_count": 99,
"history_full_complete_count": 41,
"latest_green_count": 100,
"workflow_complete_count": 100,
"version_mapped_count": 52,
"official_source_covered_count": 100,
"plugin_history_full_count": 4,
"systems": [
{
@@ -601,7 +601,7 @@
"entity_id": "fastify--project--fastify",
"entity_type": "project",
"display_name": "fastify",
"advisory_count": 1,
"advisory_count": 2,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
}
@@ -1305,22 +1305,31 @@
{
"system_id": "prestashop",
"display_name": "PrestaShop",
"cataloged_entity_total": 2,
"child_entity_total": 1,
"cataloged_entity_total": 3,
"child_entity_total": 2,
"candidate_entity_total": 0,
"workflow_complete_count": 1,
"version_mapped_count": 0,
"official_source_covered_count": 1,
"history_full_complete_count": 1,
"latest_green_count": 1,
"workflow_complete_count": 2,
"version_mapped_count": 1,
"official_source_covered_count": 2,
"history_full_complete_count": 2,
"latest_green_count": 2,
"version_gap_entity_count": 1,
"workflow_gap_entity_count": 0,
"plugin_total": 0,
"entity_type_counts": {
"system": 1,
"package": 1,
"repo": 1
},
"top_entities": [
{
"entity_id": "prestashop--package--prestashop-prestashop",
"entity_type": "package",
"display_name": "prestashop / prestashop",
"advisory_count": 2,
"history_backfill_status": "complete",
"latest_sync_status": "green"
},
{
"entity_id": "prestashop--repo--prestashop-prestashop",
"entity_type": "repo",
@@ -1941,30 +1950,31 @@
"discovery_queue": 7,
"history_queue": 27,
"latest_queue": 10,
"workflow_queue": 2177
"workflow_queue": 2178
}
},
"monitor_summary": {
"generated_at": "2026-03-24T09:17:44+00:00",
"generated_at": "2026-03-26T10:20:18+00:00",
"active_source_count": 102,
"green_source_count": 102,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 101,
"last_fully_green_run": "2026-03-24T09:17:44+00:00",
"last_fully_green_run": "2026-03-26T10:20:18+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 179,
"retired_source_count": 77
},
"ingest": {
"new_count": 11,
"updated_count": 4,
"new_count": 3,
"updated_count": 2,
"failure_count": 0,
"systems_touched": [
"haproxy",
"mattermost",
"traefik"
"fastify",
"nextjs",
"prestashop",
"spring-security"
]
},
"validation": {
@@ -1973,25 +1983,25 @@
"errors": []
},
"entity_coverage": {
"cataloged_entity_total": 109,
"cataloged_entity_total": 110,
"candidate_entity_total": 7,
"history_full_complete_count": 40,
"workflow_complete_count": 99,
"version_mapped_count": 51,
"official_source_covered_count": 99
"history_full_complete_count": 41,
"workflow_complete_count": 100,
"version_mapped_count": 52,
"official_source_covered_count": 100
},
"version_coverage": {
"cataloged_entity_total": 109,
"latest_version_synced_count": 94,
"cataloged_entity_total": 110,
"latest_version_synced_count": 95,
"source_gap_count": 15,
"security_version_total": 6242,
"security_version_entity_count": 82,
"security_version_total": 6297,
"security_version_entity_count": 83,
"auto_promoted_entity_count": 10,
"lab_enqueued_count": 11
"lab_enqueued_count": 3
},
"lab_enqueue": {
"enqueued": 11,
"queue_total": 2371,
"enqueued": 3,
"queue_total": 2375,
"pending_count": 0
}
},

41
08-threat-intel/generated/dashboard/data/entity-completeness.json
查看文件

@@ -1,12 +1,12 @@
{
"generated_at": "2026-03-24T09:18:19+00:00",
"cataloged_entity_total": 109,
"generated_at": "2026-03-26T10:20:34+00:00",
"cataloged_entity_total": 110,
"candidate_entity_total": 7,
"history_full_complete_count": 40,
"latest_green_count": 99,
"workflow_complete_count": 99,
"version_mapped_count": 51,
"official_source_covered_count": 99,
"history_full_complete_count": 41,
"latest_green_count": 100,
"workflow_complete_count": 100,
"version_mapped_count": 52,
"official_source_covered_count": 100,
"plugin_history_full_count": 4,
"systems": [
{
@@ -420,7 +420,7 @@
"entity_id": "fastify--project--fastify",
"entity_type": "project",
"display_name": "fastify",
"advisory_count": 1,
"advisory_count": 2,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
}
@@ -1124,22 +1124,31 @@
{
"system_id": "prestashop",
"display_name": "PrestaShop",
"cataloged_entity_total": 2,
"child_entity_total": 1,
"cataloged_entity_total": 3,
"child_entity_total": 2,
"candidate_entity_total": 0,
"workflow_complete_count": 1,
"version_mapped_count": 0,
"official_source_covered_count": 1,
"history_full_complete_count": 1,
"latest_green_count": 1,
"workflow_complete_count": 2,
"version_mapped_count": 1,
"official_source_covered_count": 2,
"history_full_complete_count": 2,
"latest_green_count": 2,
"version_gap_entity_count": 1,
"workflow_gap_entity_count": 0,
"plugin_total": 0,
"entity_type_counts": {
"system": 1,
"package": 1,
"repo": 1
},
"top_entities": [
{
"entity_id": "prestashop--package--prestashop-prestashop",
"entity_type": "package",
"display_name": "prestashop / prestashop",
"advisory_count": 2,
"history_backfill_status": "complete",
"latest_sync_status": "green"
},
{
"entity_id": "prestashop--repo--prestashop-prestashop",
"entity_type": "repo",
@@ -1760,6 +1769,6 @@
"discovery_queue": 7,
"history_queue": 27,
"latest_queue": 10,
"workflow_queue": 2177
"workflow_queue": 2178
}
}

4
08-threat-intel/generated/dashboard/data/entity-queues.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-24T09:18:19+00:00",
"generated_at": "2026-03-26T10:20:34+00:00",
"discovery_queue": {
"count": 7,
"items": [
@@ -408,7 +408,7 @@
]
},
"workflow_queue": {
"count": 2177,
"count": 2178,
"items": [
{
"canonical_id": "adminer--CVE-2026-25878",

3082
08-threat-intel/generated/dashboard/data/lab-enqueue-summary.json
查看文件

文件差异内容过多而无法显示 加载差异

39
08-threat-intel/generated/dashboard/data/monitor-summary.json
查看文件

@@ -1,24 +1,25 @@
{
"generated_at": "2026-03-24T09:17:44+00:00",
"generated_at": "2026-03-26T10:20:18+00:00",
"active_source_count": 102,
"green_source_count": 102,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 101,
"last_fully_green_run": "2026-03-24T09:17:44+00:00",
"last_fully_green_run": "2026-03-26T10:20:18+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 179,
"retired_source_count": 77
},
"ingest": {
"new_count": 11,
"updated_count": 4,
"new_count": 3,
"updated_count": 2,
"failure_count": 0,
"systems_touched": [
"haproxy",
"mattermost",
"traefik"
"fastify",
"nextjs",
"prestashop",
"spring-security"
]
},
"validation": {
@@ -27,25 +28,25 @@
"errors": []
},
"entity_coverage": {
"cataloged_entity_total": 109,
"cataloged_entity_total": 110,
"candidate_entity_total": 7,
"history_full_complete_count": 40,
"workflow_complete_count": 99,
"version_mapped_count": 51,
"official_source_covered_count": 99
"history_full_complete_count": 41,
"workflow_complete_count": 100,
"version_mapped_count": 52,
"official_source_covered_count": 100
},
"version_coverage": {
"cataloged_entity_total": 109,
"latest_version_synced_count": 94,
"cataloged_entity_total": 110,
"latest_version_synced_count": 95,
"source_gap_count": 15,
"security_version_total": 6242,
"security_version_entity_count": 82,
"security_version_total": 6297,
"security_version_entity_count": 83,
"auto_promoted_entity_count": 10,
"lab_enqueued_count": 11
"lab_enqueued_count": 3
},
"lab_enqueue": {
"enqueued": 11,
"queue_total": 2371,
"enqueued": 3,
"queue_total": 2375,
"pending_count": 0
}
}

2115
08-threat-intel/generated/dashboard/data/release-index.json
查看文件

文件差异内容过多而无法显示 加载差异

2
08-threat-intel/generated/dashboard/data/source-catalog-audit.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-24T09:17:05+00:00",
"generated_at": "2026-03-26T09:21:28+00:00",
"system_count": 62,
"source_count": 179,
"active_source_count": 102,

298
08-threat-intel/generated/dashboard/data/source-health.json
查看文件

@@ -1,17 +1,17 @@
{
"generated_at": "2026-03-24T09:17:44+00:00",
"generated_at": "2026-03-26T10:20:18+00:00",
"active_source_count": 102,
"green_source_count": 102,
"failure_count": 0,
"all_green": true,
"last_fully_green_run": "2026-03-24T09:17:44+00:00",
"last_fully_green_run": "2026-03-26T10:20:18+00:00",
"retries_performed": 0,
"probes": [
{
"system_id": "adminer",
"source_name": "OSV Adminer",
"source_kind": "osv-batch",
"elapsed_seconds": 2.321,
"elapsed_seconds": 35.138,
"kind": "osv-batch",
"items_seen": 1
},
@@ -19,7 +19,7 @@
"system_id": "adobe-commerce",
"source_name": "Adobe Magento Security Index",
"source_kind": "vendor-index",
"elapsed_seconds": 0.029,
"elapsed_seconds": 1.973,
"kind": "vendor-index",
"items_seen": 46
},
@@ -27,7 +27,7 @@
"system_id": "angular",
"source_name": "OSV Angular",
"source_kind": "osv-batch",
"elapsed_seconds": 1.538,
"elapsed_seconds": 2.67,
"kind": "osv-batch",
"items_seen": 1
},
@@ -35,7 +35,7 @@
"system_id": "apache-httpd",
"source_name": "Apache HTTPD Security",
"source_kind": "html-links",
"elapsed_seconds": 1.611,
"elapsed_seconds": 34.836,
"kind": "html-links",
"items_seen": 182
},
@@ -43,15 +43,15 @@
"system_id": "apache-httpd",
"source_name": "CISA KEV Apache HTTPD",
"source_kind": "kev-json",
"elapsed_seconds": 1.7,
"elapsed_seconds": 3.387,
"kind": "kev-json",
"items_seen": 1551
"items_seen": 1552
},
{
"system_id": "apache-tomcat",
"source_name": "Apache Tomcat Security",
"source_kind": "html-links",
"elapsed_seconds": 1.614,
"elapsed_seconds": 35.095,
"kind": "html-links",
"items_seen": 270
},
@@ -59,15 +59,15 @@
"system_id": "apache-tomcat",
"source_name": "CISA KEV Tomcat",
"source_kind": "kev-json",
"elapsed_seconds": 1.728,
"elapsed_seconds": 3.466,
"kind": "kev-json",
"items_seen": 1551
"items_seen": 1552
},
{
"system_id": "aspnet-core",
"source_name": "OSV ASP.NET Core",
"source_kind": "osv-batch",
"elapsed_seconds": 2.176,
"elapsed_seconds": 35.025,
"kind": "osv-batch",
"items_seen": 1
},
@@ -75,7 +75,7 @@
"system_id": "astro",
"source_name": "OSV Astro",
"source_kind": "osv-batch",
"elapsed_seconds": 1.536,
"elapsed_seconds": 2.696,
"kind": "osv-batch",
"items_seen": 1
},
@@ -83,7 +83,7 @@
"system_id": "caddy",
"source_name": "OSV Caddy",
"source_kind": "osv-batch",
"elapsed_seconds": 2.207,
"elapsed_seconds": 35.139,
"kind": "osv-batch",
"items_seen": 1
},
@@ -91,7 +91,7 @@
"system_id": "directus",
"source_name": "Directus GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.049,
"elapsed_seconds": 1.195,
"kind": "html-links",
"items_seen": 127
},
@@ -99,7 +99,7 @@
"system_id": "directus",
"source_name": "OSV Directus",
"source_kind": "osv-batch",
"elapsed_seconds": 0.954,
"elapsed_seconds": 0.769,
"kind": "osv-batch",
"items_seen": 1
},
@@ -107,7 +107,7 @@
"system_id": "discourse",
"source_name": "Discourse Release Notes RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.03,
"elapsed_seconds": 1.538,
"kind": "rss-feed",
"items_seen": 30
},
@@ -115,7 +115,7 @@
"system_id": "discourse",
"source_name": "Discourse Security RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.029,
"elapsed_seconds": 0.926,
"kind": "rss-feed",
"items_seen": 3
},
@@ -123,7 +123,7 @@
"system_id": "discourse",
"source_name": "OSV Discourse",
"source_kind": "osv-batch",
"elapsed_seconds": 0.824,
"elapsed_seconds": 0.954,
"kind": "osv-batch",
"items_seen": 1
},
@@ -131,7 +131,7 @@
"system_id": "django",
"source_name": "Django Security Releases Archive",
"source_kind": "vendor-index",
"elapsed_seconds": 1.532,
"elapsed_seconds": 3.746,
"kind": "vendor-index",
"items_seen": 1276
},
@@ -139,7 +139,7 @@
"system_id": "django",
"source_name": "Django Security Weblog",
"source_kind": "vendor-index",
"elapsed_seconds": 1.508,
"elapsed_seconds": 35.137,
"kind": "vendor-index",
"items_seen": 332
},
@@ -147,7 +147,7 @@
"system_id": "django",
"source_name": "OSV Django",
"source_kind": "osv-batch",
"elapsed_seconds": 3.099,
"elapsed_seconds": 36.192,
"kind": "osv-batch",
"items_seen": 1
},
@@ -155,7 +155,7 @@
"system_id": "drupal",
"source_name": "Drupal Security Advisories RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.051,
"elapsed_seconds": 0.605,
"kind": "rss-feed",
"items_seen": 20
},
@@ -163,7 +163,7 @@
"system_id": "drupal",
"source_name": "OSV Drupal",
"source_kind": "osv-batch",
"elapsed_seconds": 1.795,
"elapsed_seconds": 1.981,
"kind": "osv-batch",
"items_seen": 1
},
@@ -171,7 +171,7 @@
"system_id": "echo",
"source_name": "OSV Echo",
"source_kind": "osv-batch",
"elapsed_seconds": 2.15,
"elapsed_seconds": 35.025,
"kind": "osv-batch",
"items_seen": 1
},
@@ -179,7 +179,7 @@
"system_id": "esbuild",
"source_name": "OSV esbuild",
"source_kind": "osv-batch",
"elapsed_seconds": 1.611,
"elapsed_seconds": 3.263,
"kind": "osv-batch",
"items_seen": 1
},
@@ -187,7 +187,7 @@
"system_id": "express",
"source_name": "OSV Express",
"source_kind": "osv-batch",
"elapsed_seconds": 1.536,
"elapsed_seconds": 2.915,
"kind": "osv-batch",
"items_seen": 1
},
@@ -195,7 +195,7 @@
"system_id": "fastify",
"source_name": "OSV Fastify",
"source_kind": "osv-batch",
"elapsed_seconds": 1.551,
"elapsed_seconds": 3.079,
"kind": "osv-batch",
"items_seen": 1
},
@@ -203,7 +203,7 @@
"system_id": "flask",
"source_name": "OSV Flask",
"source_kind": "osv-batch",
"elapsed_seconds": 2.195,
"elapsed_seconds": 35.078,
"kind": "osv-batch",
"items_seen": 1
},
@@ -211,7 +211,7 @@
"system_id": "ghost",
"source_name": "Ghost GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.051,
"elapsed_seconds": 1.099,
"kind": "html-links",
"items_seen": 119
},
@@ -219,7 +219,7 @@
"system_id": "ghost",
"source_name": "OSV Ghost",
"source_kind": "osv-batch",
"elapsed_seconds": 0.956,
"elapsed_seconds": 0.79,
"kind": "osv-batch",
"items_seen": 1
},
@@ -227,7 +227,7 @@
"system_id": "gin",
"source_name": "OSV Gin",
"source_kind": "osv-batch",
"elapsed_seconds": 2.154,
"elapsed_seconds": 35.023,
"kind": "osv-batch",
"items_seen": 1
},
@@ -235,7 +235,7 @@
"system_id": "gitea",
"source_name": "OSV Gitea",
"source_kind": "osv-batch",
"elapsed_seconds": 2.382,
"elapsed_seconds": 35.524,
"kind": "osv-batch",
"items_seen": 1
},
@@ -243,7 +243,7 @@
"system_id": "gitlab-ce",
"source_name": "GitLab Advisory Database",
"source_kind": "html-links",
"elapsed_seconds": 1.737,
"elapsed_seconds": 35.891,
"kind": "html-links",
"items_seen": 5
},
@@ -251,23 +251,23 @@
"system_id": "gitlab-ce",
"source_name": "GitLab Security Releases Atom",
"source_kind": "atom-feed",
"elapsed_seconds": 1.737,
"elapsed_seconds": 35.675,
"kind": "atom-feed",
"items_seen": 186
"items_seen": 187
},
{
"system_id": "grafana",
"source_name": "CISA KEV Grafana",
"source_kind": "kev-json",
"elapsed_seconds": 1.738,
"elapsed_seconds": 35.076,
"kind": "kev-json",
"items_seen": 1551
"items_seen": 1552
},
{
"system_id": "grafana",
"source_name": "Grafana Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 1.737,
"elapsed_seconds": 35.677,
"kind": "html-links",
"items_seen": 159
},
@@ -275,7 +275,7 @@
"system_id": "hapi",
"source_name": "OSV Hapi",
"source_kind": "osv-batch",
"elapsed_seconds": 1.744,
"elapsed_seconds": 3.044,
"kind": "osv-batch",
"items_seen": 1
},
@@ -283,7 +283,7 @@
"system_id": "haproxy",
"source_name": "HAProxy Blog Feed",
"source_kind": "rss-feed",
"elapsed_seconds": 1.7,
"elapsed_seconds": 36.064,
"kind": "rss-feed",
"items_seen": 10
},
@@ -291,7 +291,7 @@
"system_id": "jenkins",
"source_name": "Jenkins Security Advisories RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 1.737,
"elapsed_seconds": 35.416,
"kind": "rss-feed",
"items_seen": 96
},
@@ -299,7 +299,7 @@
"system_id": "joomla",
"source_name": "Joomla Security Centre",
"source_kind": "html-links",
"elapsed_seconds": 0.051,
"elapsed_seconds": 1.637,
"kind": "html-links",
"items_seen": 139
},
@@ -307,7 +307,7 @@
"system_id": "joomla",
"source_name": "OSV Joomla",
"source_kind": "osv-batch",
"elapsed_seconds": 0.899,
"elapsed_seconds": 0.647,
"kind": "osv-batch",
"items_seen": 1
},
@@ -315,7 +315,7 @@
"system_id": "kibana",
"source_name": "Elastic Product Security",
"source_kind": "html-links",
"elapsed_seconds": 1.738,
"elapsed_seconds": 36.254,
"kind": "html-links",
"items_seen": 66
},
@@ -323,7 +323,7 @@
"system_id": "kibana",
"source_name": "NVD Kibana",
"source_kind": "nvd-search",
"elapsed_seconds": 3.279,
"elapsed_seconds": 36.067,
"kind": "nvd-search",
"items_seen": 1
},
@@ -331,7 +331,7 @@
"system_id": "koa",
"source_name": "OSV Koa",
"source_kind": "osv-batch",
"elapsed_seconds": 1.535,
"elapsed_seconds": 2.967,
"kind": "osv-batch",
"items_seen": 1
},
@@ -339,7 +339,7 @@
"system_id": "laravel",
"source_name": "OSV Laravel",
"source_kind": "osv-batch",
"elapsed_seconds": 2.335,
"elapsed_seconds": 35.139,
"kind": "osv-batch",
"items_seen": 1
},
@@ -347,7 +347,7 @@
"system_id": "magento-open-source",
"source_name": "Magento GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.022,
"elapsed_seconds": 1.624,
"kind": "html-links",
"items_seen": 99
},
@@ -355,7 +355,7 @@
"system_id": "magento-open-source",
"source_name": "OSV Magento Open Source",
"source_kind": "osv-batch",
"elapsed_seconds": 0.855,
"elapsed_seconds": 1.524,
"kind": "osv-batch",
"items_seen": 1
},
@@ -363,15 +363,15 @@
"system_id": "magento-open-source",
"source_name": "Sansec Research",
"source_kind": "html-links",
"elapsed_seconds": 0.022,
"elapsed_seconds": 2.02,
"kind": "html-links",
"items_seen": 134
"items_seen": 135
},
{
"system_id": "mattermost",
"source_name": "Mattermost Security Updates JSON",
"source_kind": "json-feed",
"elapsed_seconds": 1.742,
"elapsed_seconds": 35.602,
"kind": "json-feed",
"items_seen": 594
},
@@ -379,7 +379,7 @@
"system_id": "mattermost",
"source_name": "OSV Mattermost",
"source_kind": "osv-batch",
"elapsed_seconds": 3.206,
"elapsed_seconds": 36.592,
"kind": "osv-batch",
"items_seen": 1
},
@@ -387,7 +387,7 @@
"system_id": "mediawiki",
"source_name": "MediaWiki Announce RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.048,
"elapsed_seconds": 2.337,
"kind": "rss-feed",
"items_seen": 30
},
@@ -395,7 +395,7 @@
"system_id": "mediawiki",
"source_name": "OSV MediaWiki",
"source_kind": "osv-batch",
"elapsed_seconds": 1.007,
"elapsed_seconds": 0.812,
"kind": "osv-batch",
"items_seen": 1
},
@@ -403,7 +403,7 @@
"system_id": "medusa",
"source_name": "OSV Medusa",
"source_kind": "osv-batch",
"elapsed_seconds": 0.852,
"elapsed_seconds": 2.581,
"kind": "osv-batch",
"items_seen": 1
},
@@ -411,7 +411,7 @@
"system_id": "moodle",
"source_name": "OSV Moodle",
"source_kind": "osv-batch",
"elapsed_seconds": 3.854,
"elapsed_seconds": 37.993,
"kind": "osv-batch",
"items_seen": 1
},
@@ -419,7 +419,7 @@
"system_id": "nestjs",
"source_name": "OSV NestJS",
"source_kind": "osv-batch",
"elapsed_seconds": 1.535,
"elapsed_seconds": 3.06,
"kind": "osv-batch",
"items_seen": 1
},
@@ -427,7 +427,7 @@
"system_id": "nextjs",
"source_name": "OSV Next.js",
"source_kind": "osv-batch",
"elapsed_seconds": 0.918,
"elapsed_seconds": 2.437,
"kind": "osv-batch",
"items_seen": 1
},
@@ -435,39 +435,39 @@
"system_id": "nginx",
"source_name": "CISA KEV NGINX",
"source_kind": "kev-json",
"elapsed_seconds": 1.7,
"elapsed_seconds": 3.374,
"kind": "kev-json",
"items_seen": 1551
"items_seen": 1552
},
{
"system_id": "nginx",
"source_name": "NGINX Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 1.551,
"elapsed_seconds": 35.358,
"kind": "html-links",
"items_seen": 138
"items_seen": 150
},
{
"system_id": "nodejs",
"source_name": "CISA KEV Node.js",
"source_kind": "kev-json",
"elapsed_seconds": 1.728,
"elapsed_seconds": 2.964,
"kind": "kev-json",
"items_seen": 1551
"items_seen": 1552
},
{
"system_id": "nodejs",
"source_name": "Node.js Security Releases",
"source_kind": "html-links",
"elapsed_seconds": 0.906,
"elapsed_seconds": 3.026,
"kind": "html-links",
"items_seen": 73
"items_seen": 74
},
{
"system_id": "nuxt",
"source_name": "OSV Nuxt",
"source_kind": "osv-batch",
"elapsed_seconds": 1.452,
"elapsed_seconds": 2.774,
"kind": "osv-batch",
"items_seen": 1
},
@@ -475,7 +475,7 @@
"system_id": "opencart",
"source_name": "OSV OpenCart",
"source_kind": "osv-batch",
"elapsed_seconds": 0.887,
"elapsed_seconds": 2.392,
"kind": "osv-batch",
"items_seen": 1
},
@@ -483,7 +483,7 @@
"system_id": "opencart",
"source_name": "OpenCart Releases",
"source_kind": "html-links",
"elapsed_seconds": 0.012,
"elapsed_seconds": 36.392,
"kind": "html-links",
"items_seen": 1500
},
@@ -491,7 +491,7 @@
"system_id": "openmage",
"source_name": "OSV OpenMage",
"source_kind": "osv-batch",
"elapsed_seconds": 0.93,
"elapsed_seconds": 1.535,
"kind": "osv-batch",
"items_seen": 1
},
@@ -499,7 +499,7 @@
"system_id": "openmage",
"source_name": "OpenMage GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.019,
"elapsed_seconds": 2.323,
"kind": "html-links",
"items_seen": 125
},
@@ -507,7 +507,7 @@
"system_id": "phpmyadmin",
"source_name": "OSV phpMyAdmin",
"source_kind": "osv-batch",
"elapsed_seconds": 2.616,
"elapsed_seconds": 35.308,
"kind": "osv-batch",
"items_seen": 1
},
@@ -515,7 +515,7 @@
"system_id": "phpmyadmin",
"source_name": "phpMyAdmin Security Page",
"source_kind": "html-links",
"elapsed_seconds": 1.7,
"elapsed_seconds": 35.049,
"kind": "html-links",
"items_seen": 263
},
@@ -523,7 +523,7 @@
"system_id": "prestashop",
"source_name": "Friends Of Presta Security",
"source_kind": "html-links",
"elapsed_seconds": 0.014,
"elapsed_seconds": 2.331,
"kind": "html-links",
"items_seen": 38
},
@@ -531,7 +531,7 @@
"system_id": "prestashop",
"source_name": "GitHub PrestaShop Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.015,
"elapsed_seconds": 2.245,
"kind": "html-links",
"items_seen": 127
},
@@ -539,7 +539,7 @@
"system_id": "prestashop",
"source_name": "OSV PrestaShop",
"source_kind": "osv-batch",
"elapsed_seconds": 0.919,
"elapsed_seconds": 1.978,
"kind": "osv-batch",
"items_seen": 1
},
@@ -547,7 +547,7 @@
"system_id": "prestashop",
"source_name": "PrestaShop Security Page",
"source_kind": "html-links",
"elapsed_seconds": 0.015,
"elapsed_seconds": 1.843,
"kind": "html-links",
"items_seen": 60
},
@@ -555,7 +555,7 @@
"system_id": "rails",
"source_name": "OSV Rails",
"source_kind": "osv-batch",
"elapsed_seconds": 2.182,
"elapsed_seconds": 3.748,
"kind": "osv-batch",
"items_seen": 1
},
@@ -563,7 +563,7 @@
"system_id": "react",
"source_name": "OSV React",
"source_kind": "osv-batch",
"elapsed_seconds": 0.873,
"elapsed_seconds": 2.581,
"kind": "osv-batch",
"items_seen": 1
},
@@ -571,7 +571,7 @@
"system_id": "redmine",
"source_name": "OSV Redmine",
"source_kind": "osv-batch",
"elapsed_seconds": 2.275,
"elapsed_seconds": 35.697,
"kind": "osv-batch",
"items_seen": 1
},
@@ -579,7 +579,7 @@
"system_id": "redmine",
"source_name": "Redmine Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 1.744,
"elapsed_seconds": 36.813,
"kind": "html-links",
"items_seen": 371
},
@@ -587,7 +587,7 @@
"system_id": "saleor",
"source_name": "GitHub Saleor Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.006,
"elapsed_seconds": 2.78,
"kind": "html-links",
"items_seen": 120
},
@@ -595,7 +595,7 @@
"system_id": "saleor",
"source_name": "OSV Saleor",
"source_kind": "osv-batch",
"elapsed_seconds": 0.881,
"elapsed_seconds": 2.388,
"kind": "osv-batch",
"items_seen": 1
},
@@ -603,7 +603,7 @@
"system_id": "shopware",
"source_name": "OSV Shopware",
"source_kind": "osv-batch",
"elapsed_seconds": 1.146,
"elapsed_seconds": 2.492,
"kind": "osv-batch",
"items_seen": 1
},
@@ -611,7 +611,7 @@
"system_id": "shopware",
"source_name": "Shopware Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.014,
"elapsed_seconds": 2.388,
"kind": "html-links",
"items_seen": 129
},
@@ -619,7 +619,7 @@
"system_id": "spring-boot",
"source_name": "OSV Spring Boot",
"source_kind": "osv-batch",
"elapsed_seconds": 1.809,
"elapsed_seconds": 3.466,
"kind": "osv-batch",
"items_seen": 1
},
@@ -627,7 +627,7 @@
"system_id": "spring-boot",
"source_name": "Spring Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 1.134,
"elapsed_seconds": 3.614,
"kind": "html-links",
"items_seen": 118
},
@@ -635,7 +635,7 @@
"system_id": "spring-framework",
"source_name": "OSV Spring Framework",
"source_kind": "osv-batch",
"elapsed_seconds": 1.673,
"elapsed_seconds": 3.387,
"kind": "osv-batch",
"items_seen": 1
},
@@ -643,7 +643,7 @@
"system_id": "spring-framework",
"source_name": "Spring Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.951,
"elapsed_seconds": 3.614,
"kind": "html-links",
"items_seen": 118
},
@@ -651,7 +651,7 @@
"system_id": "spring-security",
"source_name": "OSV Spring Security",
"source_kind": "osv-batch",
"elapsed_seconds": 1.742,
"elapsed_seconds": 3.374,
"kind": "osv-batch",
"items_seen": 1
},
@@ -659,7 +659,7 @@
"system_id": "spring-security",
"source_name": "Spring Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.977,
"elapsed_seconds": 3.614,
"kind": "html-links",
"items_seen": 118
},
@@ -667,7 +667,7 @@
"system_id": "strapi",
"source_name": "OSV Strapi",
"source_kind": "osv-batch",
"elapsed_seconds": 1.0,
"elapsed_seconds": 0.781,
"kind": "osv-batch",
"items_seen": 1
},
@@ -675,7 +675,7 @@
"system_id": "strapi",
"source_name": "Strapi GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.05,
"elapsed_seconds": 1.038,
"kind": "html-links",
"items_seen": 124
},
@@ -683,7 +683,7 @@
"system_id": "sveltekit",
"source_name": "OSV SvelteKit",
"source_kind": "osv-batch",
"elapsed_seconds": 1.508,
"elapsed_seconds": 2.69,
"kind": "osv-batch",
"items_seen": 1
},
@@ -691,7 +691,7 @@
"system_id": "symfony",
"source_name": "OSV Symfony",
"source_kind": "osv-batch",
"elapsed_seconds": 2.93,
"elapsed_seconds": 35.448,
"kind": "osv-batch",
"items_seen": 1
},
@@ -699,7 +699,7 @@
"system_id": "traefik",
"source_name": "OSV Traefik",
"source_kind": "osv-batch",
"elapsed_seconds": 2.341,
"elapsed_seconds": 35.077,
"kind": "osv-batch",
"items_seen": 1
},
@@ -707,7 +707,7 @@
"system_id": "undici",
"source_name": "OSV Undici",
"source_kind": "osv-batch",
"elapsed_seconds": 1.614,
"elapsed_seconds": 3.099,
"kind": "osv-batch",
"items_seen": 1
},
@@ -715,7 +715,7 @@
"system_id": "vite",
"source_name": "OSV Vite",
"source_kind": "osv-batch",
"elapsed_seconds": 1.538,
"elapsed_seconds": 2.688,
"kind": "osv-batch",
"items_seen": 1
},
@@ -723,7 +723,7 @@
"system_id": "vue",
"source_name": "OSV Vue",
"source_kind": "osv-batch",
"elapsed_seconds": 0.835,
"elapsed_seconds": 2.85,
"kind": "osv-batch",
"items_seen": 1
},
@@ -731,7 +731,7 @@
"system_id": "webpack",
"source_name": "OSV webpack",
"source_kind": "osv-batch",
"elapsed_seconds": 1.614,
"elapsed_seconds": 3.154,
"kind": "osv-batch",
"items_seen": 1
},
@@ -739,7 +739,7 @@
"system_id": "werkzeug",
"source_name": "OSV Werkzeug",
"source_kind": "osv-batch",
"elapsed_seconds": 2.177,
"elapsed_seconds": 35.076,
"kind": "osv-batch",
"items_seen": 1
},
@@ -747,7 +747,7 @@
"system_id": "woocommerce",
"source_name": "GitHub WooCommerce Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.017,
"elapsed_seconds": 1.976,
"kind": "html-links",
"items_seen": 107
},
@@ -755,7 +755,7 @@
"system_id": "woocommerce",
"source_name": "OSV WooCommerce",
"source_kind": "osv-batch",
"elapsed_seconds": 0.802,
"elapsed_seconds": 1.642,
"kind": "osv-batch",
"items_seen": 1
},
@@ -763,7 +763,7 @@
"system_id": "woocommerce",
"source_name": "Patchstack Database",
"source_kind": "html-links",
"elapsed_seconds": 0.017,
"elapsed_seconds": 1.183,
"kind": "html-links",
"items_seen": 193
},
@@ -771,7 +771,7 @@
"system_id": "woocommerce",
"source_name": "Woo Developer Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.019,
"elapsed_seconds": 1.636,
"kind": "html-links",
"items_seen": 121
},
@@ -779,7 +779,7 @@
"system_id": "woocommerce",
"source_name": "Wordfence Vulnerability Database",
"source_kind": "html-links",
"elapsed_seconds": 0.015,
"elapsed_seconds": 1.106,
"kind": "html-links",
"items_seen": 0
},
@@ -787,7 +787,7 @@
"system_id": "wordpress",
"source_name": "Patchstack Database",
"source_kind": "html-links",
"elapsed_seconds": 0.053,
"elapsed_seconds": 1.185,
"kind": "html-links",
"items_seen": 193
},
@@ -795,7 +795,7 @@
"system_id": "wordpress",
"source_name": "PortSwigger Research",
"source_kind": "html-links",
"elapsed_seconds": 1.509,
"elapsed_seconds": 1.336,
"kind": "html-links",
"items_seen": 99
},
@@ -803,7 +803,7 @@
"system_id": "wordpress",
"source_name": "WPScan Vulnerability Database",
"source_kind": "html-links",
"elapsed_seconds": 0.053,
"elapsed_seconds": 1.108,
"kind": "html-links",
"items_seen": 74
},
@@ -811,7 +811,7 @@
"system_id": "wordpress",
"source_name": "WordPress Security News RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.055,
"elapsed_seconds": 1.483,
"kind": "rss-feed",
"items_seen": 10
},
@@ -819,7 +819,7 @@
"system_id": "wordpress",
"source_name": "Wordfence Vulnerability Database",
"source_kind": "html-links",
"elapsed_seconds": 0.055,
"elapsed_seconds": 0.34,
"kind": "html-links",
"items_seen": 0
}
@@ -830,70 +830,70 @@
"system_id": "moodle",
"source_name": "OSV Moodle",
"source_kind": "osv-batch",
"elapsed_seconds": 3.854,
"elapsed_seconds": 37.993,
"status": "ok"
},
{
"system_id": "kibana",
"source_name": "NVD Kibana",
"source_kind": "nvd-search",
"elapsed_seconds": 3.279,
"system_id": "redmine",
"source_name": "Redmine Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 36.813,
"status": "ok"
},
{
"system_id": "mattermost",
"source_name": "OSV Mattermost",
"source_kind": "osv-batch",
"elapsed_seconds": 3.206,
"elapsed_seconds": 36.592,
"status": "ok"
},
{
"system_id": "opencart",
"source_name": "OpenCart Releases",
"source_kind": "html-links",
"elapsed_seconds": 36.392,
"status": "ok"
},
{
"system_id": "kibana",
"source_name": "Elastic Product Security",
"source_kind": "html-links",
"elapsed_seconds": 36.254,
"status": "ok"
},
{
"system_id": "django",
"source_name": "OSV Django",
"source_kind": "osv-batch",
"elapsed_seconds": 3.099,
"elapsed_seconds": 36.192,
"status": "ok"
},
{
"system_id": "symfony",
"source_name": "OSV Symfony",
"source_kind": "osv-batch",
"elapsed_seconds": 2.93,
"system_id": "kibana",
"source_name": "NVD Kibana",
"source_kind": "nvd-search",
"elapsed_seconds": 36.067,
"status": "ok"
},
{
"system_id": "phpmyadmin",
"source_name": "OSV phpMyAdmin",
"source_kind": "osv-batch",
"elapsed_seconds": 2.616,
"system_id": "haproxy",
"source_name": "HAProxy Blog Feed",
"source_kind": "rss-feed",
"elapsed_seconds": 36.064,
"status": "ok"
},
{
"system_id": "gitea",
"source_name": "OSV Gitea",
"source_kind": "osv-batch",
"elapsed_seconds": 2.382,
"system_id": "gitlab-ce",
"source_name": "GitLab Advisory Database",
"source_kind": "html-links",
"elapsed_seconds": 35.891,
"status": "ok"
},
{
"system_id": "traefik",
"source_name": "OSV Traefik",
"system_id": "redmine",
"source_name": "OSV Redmine",
"source_kind": "osv-batch",
"elapsed_seconds": 2.341,
"status": "ok"
},
{
"system_id": "laravel",
"source_name": "OSV Laravel",
"source_kind": "osv-batch",
"elapsed_seconds": 2.335,
"status": "ok"
},
{
"system_id": "adminer",
"source_name": "OSV Adminer",
"source_kind": "osv-batch",
"elapsed_seconds": 2.321,
"elapsed_seconds": 35.697,
"status": "ok"
}
],

2
08-threat-intel/generated/dashboard/data/version-backlog.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-24T09:18:19+00:00",
"generated_at": "2026-03-26T10:20:34+00:00",
"source_gap_entities": [
{
"entity_id": "adminer",

178
08-threat-intel/generated/dashboard/data/version-completeness.json
查看文件

@@ -1,12 +1,12 @@
{
"generated_at": "2026-03-24T09:18:19+00:00",
"cataloged_entity_total": 109,
"latest_version_synced_count": 94,
"generated_at": "2026-03-26T10:20:34+00:00",
"cataloged_entity_total": 110,
"latest_version_synced_count": 95,
"source_gap_count": 15,
"security_version_total": 6242,
"security_version_entity_count": 82,
"security_version_total": 6297,
"security_version_entity_count": 83,
"auto_promoted_entity_count": 10,
"lab_enqueued_count": 11,
"lab_enqueued_count": 3,
"systems": [
{
"system_id": "adminer",
@@ -41,16 +41,16 @@
"entity_id": "angular",
"display_name": "Angular",
"entity_type": "system",
"latest_version": "21.2.5",
"latest_release_at": "",
"latest_version": "21.2.6",
"latest_release_at": "2026-03-17T01:31:35.828211Z",
"version_sync_status": "green"
},
{
"entity_id": "angular--package--angular-core",
"display_name": "angular / core",
"entity_type": "package",
"latest_version": "21.2.5",
"latest_release_at": "",
"latest_version": "21.2.6",
"latest_release_at": "2026-03-17T01:31:35.828211Z",
"version_sync_status": "green"
}
]
@@ -117,7 +117,7 @@
"display_name": "Astro",
"entity_type": "system",
"latest_version": "6.0.8",
"latest_release_at": "",
"latest_release_at": "2025-11-20T14:43:59.624508Z",
"version_sync_status": "green"
},
{
@@ -125,7 +125,7 @@
"display_name": "astro",
"entity_type": "project",
"latest_version": "6.0.8",
"latest_release_at": "",
"latest_release_at": "2025-11-27T08:22:36.525875Z",
"version_sync_status": "green"
},
{
@@ -133,7 +133,7 @@
"display_name": "astro",
"entity_type": "module",
"latest_version": "6.0.8",
"latest_release_at": "",
"latest_release_at": "2025-11-20T14:43:59.624508Z",
"version_sync_status": "green"
}
]
@@ -151,8 +151,8 @@
"entity_id": "caddy",
"display_name": "Caddy",
"entity_type": "system",
"latest_version": "2.11.1",
"latest_release_at": "2026-02-27T19:55:10Z",
"latest_version": "2.11.2",
"latest_release_at": "2026-03-06T02:43:43Z",
"version_sync_status": "green"
},
{
@@ -160,15 +160,15 @@
"display_name": "caddyserver / caddy / v2",
"entity_type": "repo",
"latest_version": "2.11.2",
"latest_release_at": "2026-03-23T04:52:47.652974Z",
"latest_release_at": "2026-03-06T02:43:43Z",
"version_sync_status": "green"
},
{
"entity_id": "caddy--extension--github-com-caddyserver-caddy-v2",
"display_name": "caddyserver / caddy / v2",
"entity_type": "extension",
"latest_version": "2.11.1",
"latest_release_at": "2026-02-27T19:55:10Z",
"latest_version": "2.11.2",
"latest_release_at": "2026-03-06T02:43:43Z",
"version_sync_status": "green"
}
]
@@ -186,16 +186,16 @@
"entity_id": "directus",
"display_name": "Directus",
"entity_type": "system",
"latest_version": "3573-4c68-g8cc",
"latest_release_at": "2026-03-10T22:20:52Z",
"latest_version": "11.17.0",
"latest_release_at": "2026-03-24T23:17:51Z",
"version_sync_status": "green"
},
{
"entity_id": "directus--repo--directus-directus",
"display_name": "directus / directus",
"entity_type": "repo",
"latest_version": "3573-4c68-g8cc",
"latest_release_at": "2026-03-10T22:20:52Z",
"latest_version": "11.17.0",
"latest_release_at": "2026-03-24T23:17:51Z",
"version_sync_status": "green"
}
]
@@ -206,7 +206,7 @@
"cataloged_entity_total": 1,
"latest_version_synced_count": 1,
"source_gap_count": 0,
"security_version_count": 78,
"security_version_count": 80,
"auto_promoted_count": 0,
"latest_versions": [
{
@@ -278,16 +278,16 @@
"entity_id": "echo",
"display_name": "Echo",
"entity_type": "system",
"latest_version": "4.9.0",
"latest_release_at": "2024-05-20T16:03:47Z",
"latest_version": "5.0.4",
"latest_release_at": "2026-02-15T15:55:53Z",
"version_sync_status": "green"
},
{
"entity_id": "echo--repo--github-com-labstack-echo-v4",
"display_name": "labstack / echo / v4",
"entity_type": "repo",
"latest_version": "4.9.0",
"latest_release_at": "2024-05-20T16:03:47Z",
"latest_version": "5.0.4",
"latest_release_at": "2026-02-15T15:55:53Z",
"version_sync_status": "green"
}
]
@@ -335,7 +335,7 @@
"cataloged_entity_total": 2,
"latest_version_synced_count": 2,
"source_gap_count": 0,
"security_version_count": 2,
"security_version_count": 4,
"auto_promoted_count": 0,
"latest_versions": [
{
@@ -396,7 +396,7 @@
"entity_id": "ghost",
"display_name": "Ghost",
"entity_type": "system",
"latest_version": "52.1k",
"latest_version": "6.22.1",
"latest_release_at": "2026-03-20T15:25:05Z",
"version_sync_status": "green"
},
@@ -404,7 +404,7 @@
"entity_id": "ghost--repo--tryghost-ghost",
"display_name": "TryGhost / Ghost",
"entity_type": "repo",
"latest_version": "52.1k",
"latest_version": "6.22.1",
"latest_release_at": "2026-03-20T15:25:05Z",
"version_sync_status": "green"
}
@@ -423,16 +423,16 @@
"entity_id": "gin",
"display_name": "Gin",
"entity_type": "system",
"latest_version": "1.7.7",
"latest_release_at": "2026-03-14T10:41:18.820930Z",
"latest_version": "1.12.0",
"latest_release_at": "2026-02-28T10:12:25Z",
"version_sync_status": "green"
},
{
"entity_id": "gin--repo--github-com-gin-gonic-gin",
"display_name": "gin-gonic / gin",
"entity_type": "repo",
"latest_version": "1.7.7",
"latest_release_at": "2026-03-14T10:41:18.820930Z",
"latest_version": "1.12.0",
"latest_release_at": "2026-02-28T10:12:25Z",
"version_sync_status": "green"
}
]
@@ -453,15 +453,15 @@
"cataloged_entity_total": 1,
"latest_version_synced_count": 1,
"source_gap_count": 0,
"security_version_count": 612,
"security_version_count": 625,
"auto_promoted_count": 0,
"latest_versions": [
{
"entity_id": "gitlab-ce",
"display_name": "GitLab CE",
"entity_type": "system",
"latest_version": "2026-3848---improper-neutralization-of-crlf-sequences-issue-impacts-gitlab-ceee",
"latest_release_at": "2026-03-11T00:00:00+00:00",
"latest_version": "2026-4363---incorrect-authorization-issue-in-authorization-caching-impacts-gitlab-ee",
"latest_release_at": "2026-03-25T00:00:00+00:00",
"version_sync_status": "green"
}
]
@@ -601,16 +601,16 @@
"entity_id": "laravel",
"display_name": "Laravel",
"entity_type": "system",
"latest_version": "13.1.1",
"latest_release_at": "2026-03-18T17:10:25+00:00",
"latest_version": "13.2.0",
"latest_release_at": "2026-03-24T18:42:09+00:00",
"version_sync_status": "green"
},
{
"entity_id": "laravel--package--laravel-framework",
"display_name": "laravel / framework",
"entity_type": "package",
"latest_version": "13.1.1",
"latest_release_at": "2026-03-18T17:10:25+00:00",
"latest_version": "13.2.0",
"latest_release_at": "2026-03-24T18:42:09+00:00",
"version_sync_status": "green"
}
]
@@ -628,7 +628,7 @@
"entity_id": "magento-open-source",
"display_name": "Magento Open Source",
"entity_type": "system",
"latest_version": "300.000",
"latest_version": "2.4.9-beta1",
"latest_release_at": "2026-03-10T14:04:22Z",
"version_sync_status": "green"
},
@@ -636,7 +636,7 @@
"entity_id": "magento-open-source--repo--magento-magento2",
"display_name": "magento / magento2",
"entity_type": "repo",
"latest_version": "300.000",
"latest_version": "2.4.9-beta1",
"latest_release_at": "2026-03-10T14:04:22Z",
"version_sync_status": "green"
}
@@ -671,8 +671,8 @@
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"display_name": "mattermost / mattermost-server",
"entity_type": "repo",
"latest_version": "26.2.1",
"latest_release_at": "2023-10-03",
"latest_version": "11.4.3",
"latest_release_at": "2026-03-16T08:26:52Z",
"version_sync_status": "green"
},
{
@@ -829,7 +829,7 @@
"entity_id": "opencart",
"display_name": "OpenCart",
"entity_type": "system",
"latest_version": "8.1k",
"latest_version": "3.0.5.0",
"latest_release_at": "2025-12-12T10:27:11Z",
"version_sync_status": "green"
},
@@ -837,7 +837,7 @@
"entity_id": "opencart--repo--opencart-opencart",
"display_name": "opencart / opencart",
"entity_type": "repo",
"latest_version": "8.1k",
"latest_version": "3.0.5.0",
"latest_release_at": "2025-12-12T10:27:11Z",
"version_sync_status": "green"
}
@@ -892,26 +892,34 @@
{
"system_id": "prestashop",
"display_name": "PrestaShop",
"cataloged_entity_total": 2,
"latest_version_synced_count": 2,
"cataloged_entity_total": 3,
"latest_version_synced_count": 3,
"source_gap_count": 0,
"security_version_count": 18,
"security_version_count": 59,
"auto_promoted_count": 1,
"latest_versions": [
{
"entity_id": "prestashop",
"display_name": "PrestaShop",
"entity_type": "system",
"latest_version": "3366-9287-7qpr",
"latest_release_at": "2026-02-03T10:01:48Z",
"latest_version": "8.2.5",
"latest_release_at": "2026-03-23T10:07:16Z",
"version_sync_status": "green"
},
{
"entity_id": "prestashop--package--prestashop-prestashop",
"display_name": "prestashop / prestashop",
"entity_type": "package",
"latest_version": "9.1.0",
"latest_release_at": "2026-03-13T18:04:58+00:00",
"version_sync_status": "green"
},
{
"entity_id": "prestashop--repo--prestashop-prestashop",
"display_name": "PrestaShop / PrestaShop",
"entity_type": "repo",
"latest_version": "3366-9287-7qpr",
"latest_release_at": "2026-02-03T10:01:48Z",
"latest_version": "8.2.5",
"latest_release_at": "2026-03-23T10:07:16Z",
"version_sync_status": "green"
}
]
@@ -1010,16 +1018,16 @@
"entity_id": "saleor",
"display_name": "Saleor",
"entity_type": "system",
"latest_version": "22.7k",
"latest_release_at": "2026-03-19T13:13:39Z",
"latest_version": "3.22.44",
"latest_release_at": "2026-03-24T13:34:33Z",
"version_sync_status": "green"
},
{
"entity_id": "saleor--repo--saleor-saleor",
"display_name": "saleor / saleor",
"entity_type": "repo",
"latest_version": "22.7k",
"latest_release_at": "2026-03-19T13:13:39Z",
"latest_version": "3.22.44",
"latest_release_at": "2026-03-24T13:34:33Z",
"version_sync_status": "green"
}
]
@@ -1037,7 +1045,7 @@
"entity_id": "shopware",
"display_name": "Shopware",
"entity_type": "system",
"latest_version": "3.3k",
"latest_version": "6.7.8.2",
"latest_release_at": "2026-03-18T15:05:49Z",
"version_sync_status": "green"
},
@@ -1045,7 +1053,7 @@
"entity_id": "shopware--repo--shopware-shopware",
"display_name": "shopware / shopware",
"entity_type": "repo",
"latest_version": "3.3k",
"latest_version": "6.7.8.2",
"latest_release_at": "2026-03-18T15:05:49Z",
"version_sync_status": "green"
}
@@ -1102,7 +1110,7 @@
"display_name": "Spring Security",
"entity_type": "system",
"latest_version": "7.0.4",
"latest_release_at": "2026-03-20T20:46:26.164998Z",
"latest_release_at": "2026-03-25T19:59:15.827722Z",
"version_sync_status": "green"
},
{
@@ -1110,7 +1118,7 @@
"display_name": "org.springframework.security:spring-security-web",
"entity_type": "project",
"latest_version": "7.0.4",
"latest_release_at": "2026-03-20T20:46:26.164998Z",
"latest_release_at": "2026-03-25T19:59:15.827722Z",
"version_sync_status": "green"
}
]
@@ -1128,7 +1136,7 @@
"entity_id": "strapi",
"display_name": "Strapi",
"entity_type": "system",
"latest_version": "71.7k",
"latest_version": "5.40.0",
"latest_release_at": "2026-03-18T13:33:01Z",
"version_sync_status": "green"
},
@@ -1136,7 +1144,7 @@
"entity_id": "strapi--repo--strapi-strapi",
"display_name": "strapi / strapi",
"entity_type": "repo",
"latest_version": "71.7k",
"latest_version": "5.40.0",
"latest_release_at": "2026-03-18T13:33:01Z",
"version_sync_status": "green"
}
@@ -1209,24 +1217,24 @@
"entity_id": "traefik",
"display_name": "Traefik",
"entity_type": "system",
"latest_version": "3.7.0-ea.2",
"latest_release_at": "2026-03-23T18:56:07.286130Z",
"latest_version": "2.11.42",
"latest_release_at": "2026-03-26T09:02:56Z",
"version_sync_status": "green"
},
{
"entity_id": "traefik--repo--github-com-traefik-traefik-v3",
"display_name": "traefik / traefik / v3",
"entity_type": "repo",
"latest_version": "3.7.0-ea.2",
"latest_release_at": "2026-03-23T18:56:05.020639Z",
"latest_version": "2.11.42",
"latest_release_at": "2026-03-26T09:02:56Z",
"version_sync_status": "green"
},
{
"entity_id": "traefik--extension--github-com-traefik-traefik-v3",
"display_name": "traefik / traefik / v3",
"entity_type": "extension",
"latest_version": "3.7.0-ea.2",
"latest_release_at": "2026-03-23T18:56:07.286130Z",
"latest_version": "2.11.42",
"latest_release_at": "2026-03-26T09:02:56Z",
"version_sync_status": "green"
}
]
@@ -1244,7 +1252,7 @@
"entity_id": "undici",
"display_name": "Undici",
"entity_type": "system",
"latest_version": "7.24.5",
"latest_version": "7.24.6",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1252,7 +1260,7 @@
"entity_id": "undici--project--undici",
"display_name": "undici",
"entity_type": "project",
"latest_version": "7.24.5",
"latest_version": "7.24.6",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1260,7 +1268,7 @@
"entity_id": "undici--extension--undici",
"display_name": "undici",
"entity_type": "extension",
"latest_version": "7.24.5",
"latest_version": "7.24.6",
"latest_release_at": "",
"version_sync_status": "green"
}
@@ -1279,7 +1287,7 @@
"entity_id": "vite",
"display_name": "Vite",
"entity_type": "system",
"latest_version": "8.0.2",
"latest_version": "8.0.3",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1287,7 +1295,7 @@
"entity_id": "vite--project--vite",
"display_name": "vite",
"entity_type": "project",
"latest_version": "8.0.2",
"latest_version": "8.0.3",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1295,7 +1303,7 @@
"entity_id": "vite--plugin--vite",
"display_name": "vite",
"entity_type": "plugin",
"latest_version": "8.0.2",
"latest_version": "8.0.3",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1303,7 +1311,7 @@
"entity_id": "vite--extension--vite",
"display_name": "vite",
"entity_type": "extension",
"latest_version": "8.0.2",
"latest_version": "8.0.3",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1311,7 +1319,7 @@
"entity_id": "vite--module--vite",
"display_name": "vite",
"entity_type": "module",
"latest_version": "8.0.2",
"latest_version": "8.0.3",
"latest_release_at": "",
"version_sync_status": "green"
}
@@ -1330,7 +1338,7 @@
"entity_id": "vue",
"display_name": "Vue",
"entity_type": "system",
"latest_version": "3.5.30",
"latest_version": "3.5.31",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1338,7 +1346,7 @@
"entity_id": "vue--project--vue",
"display_name": "vue",
"entity_type": "project",
"latest_version": "3.5.30",
"latest_version": "3.5.31",
"latest_release_at": "",
"version_sync_status": "green"
}
@@ -1387,14 +1395,14 @@
"cataloged_entity_total": 2,
"latest_version_synced_count": 2,
"source_gap_count": 0,
"security_version_count": 14,
"security_version_count": 10,
"auto_promoted_count": 1,
"latest_versions": [
{
"entity_id": "woocommerce",
"display_name": "WooCommerce",
"entity_type": "system",
"latest_version": "10.7",
"latest_version": "10.6.1",
"latest_release_at": "2026-03-12T19:14:25Z",
"version_sync_status": "green"
},
@@ -1402,7 +1410,7 @@
"entity_id": "woocommerce--repo--woocommerce-woocommerce",
"display_name": "woocommerce / woocommerce",
"entity_type": "repo",
"latest_version": "10.7",
"latest_version": "10.6.1",
"latest_release_at": "2026-03-12T19:14:25Z",
"version_sync_status": "green"
}
@@ -1414,14 +1422,14 @@
"cataloged_entity_total": 1,
"latest_version_synced_count": 1,
"source_gap_count": 0,
"security_version_count": 53,
"security_version_count": 54,
"auto_promoted_count": 0,
"latest_versions": [
{
"entity_id": "wordpress",
"display_name": "WordPress",
"entity_type": "system",
"latest_version": "27.1.1",
"latest_version": "51.1.49",
"latest_release_at": "",
"version_sync_status": "green"
}

14
08-threat-intel/generated/dashboard/docs/architecture-library.html
查看文件

@@ -87,7 +87,7 @@
<h1>当前架构库镜像</h1>
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
<pre>{
&quot;generated_at&quot;: &quot;2026-03-24T09:18:20+00:00&quot;,
&quot;generated_at&quot;: &quot;2026-03-26T10:20:35+00:00&quot;,
&quot;title&quot;: &quot;当前架构库&quot;,
&quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;,
&quot;sections&quot;: [
@@ -115,7 +115,7 @@
},
{
&quot;label&quot;: &quot;已编目实体&quot;,
&quot;value&quot;: &quot;109&quot;
&quot;value&quot;: &quot;110&quot;
},
{
&quot;label&quot;: &quot;发现 backlog&quot;,
@@ -127,7 +127,7 @@
},
{
&quot;label&quot;: &quot;当前漏洞条目&quot;,
&quot;value&quot;: &quot;2415&quot;
&quot;value&quot;: &quot;2419&quot;
}
],
&quot;fields&quot;: [
@@ -145,7 +145,7 @@
},
{
&quot;label&quot;: &quot;生成时间&quot;,
&quot;value&quot;: &quot;2026-03-24T09:18:20+00:00&quot;
&quot;value&quot;: &quot;2026-03-26T10:20:35+00:00&quot;
}
],
&quot;links&quot;: [
@@ -6061,7 +6061,7 @@
},
{
&quot;label&quot;: &quot;Advisory 数&quot;,
&quot;value&quot;: &quot;2415&quot;
&quot;value&quot;: &quot;2419&quot;
},
{
&quot;label&quot;: &quot;状态类型&quot;,
@@ -6080,7 +6080,7 @@
&quot;items&quot;: [
{
&quot;title&quot;: &quot;人工分诊&quot;,
&quot;summary&quot;: &quot;当前累计 2326 条。&quot;,
&quot;summary&quot;: &quot;当前累计 2330 条。&quot;,
&quot;open&quot;: false,
&quot;fields&quot;: [
{
@@ -6089,7 +6089,7 @@
},
{
&quot;label&quot;: &quot;数量&quot;,
&quot;value&quot;: &quot;2326&quot;
&quot;value&quot;: &quot;2330&quot;
}
]
},

10
08-threat-intel/generated/dashboard/docs/coverage-matrix.html
查看文件

@@ -105,12 +105,12 @@
| Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2024-05-20T16:03:47Z` |
| esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-04T02:50:58.022803Z` |
| Express | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-17T19:40:55.690` |
| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-16T03:05:26.332715Z` |
| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-25T19:48:38.788319Z` |
| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-23T23:43:45.778179Z` |
| Ghost | `cms` | `history-full` | `yes` | `yes` | `23` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-14T10:41:18.820930Z` |
| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `13` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `55` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `56` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-25T00:00:00+00:00` |
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Hapi | `frameworks` | `history-full` | `yes` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2020-08-31T19:00:56Z` |
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `7` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `Wed, 25 Feb 2026 14:00:00 +0000` |
@@ -125,14 +125,14 @@
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-19T18:48:06.587119Z` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-25T19:49:01.129152Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` |
| OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `100` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `100` | `2025-05-15T19:15:54.980` |
| OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `27` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `` |
| phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `50` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` |
| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `112` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `112` | `2025-04-12T10:46:40.837` |
| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `114` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `112` | `2026-03-25T19:49:27.843572Z` |
| Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `42` | `10` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `32` | `2025-05-01T18:49:06.777708Z` |
| React | `frameworks` | `history-full` | `yes` | `yes` | `21` | `3` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `18` | `2023-11-08T04:00:21.209483Z` |
| Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `50` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` |
@@ -140,7 +140,7 @@
| Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `71` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `71` | `2025-04-20T01:37:25.860` |
| Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-13T21:59:19.426456Z` |
| Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `11` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `11` | `` |
| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `4` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `3` | `2026-03-20T20:46:26.164998Z` |
| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `4` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `3` | `2026-03-25T19:59:15.827722Z` |
| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `26` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `26` | `` |
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `3` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T06:27:26.115188Z` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `9` | `9` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:16:14.858636Z` |

16
08-threat-intel/generated/dashboard/docs/entity-catalog-report.html
查看文件

@@ -88,14 +88,14 @@
<div class="meta">工作台内置镜像页分层实体覆盖、history-full 完整度和 workflow 统计。</div>
<pre># 分层实体覆盖与完整度报告
- 生成时间: `2026-03-24T09:18:19+00:00`
- 已编目实体: `109`
- 生成时间: `2026-03-26T10:20:34+00:00`
- 已编目实体: `110`
- 待编目 backlog: `7`
- history-full 已完成: `40`
- latest green: `99`
- workflow 完整: `99`
- 版本映射完整: `51`
- 官方源覆盖: `99`
- history-full 已完成: `41`
- latest green: `100`
- workflow 完整: `100`
- 版本映射完整: `52`
- 官方源覆盖: `100`
- 插件 history-full 已完成: `4`
## 系统分层摘要
@@ -144,7 +144,7 @@
| opencart | 2 | 0 | 1 | 0 | 1 | 0 |
| openmage | 2 | 0 | 1 | 0 | 1 | 0 |
| phpmyadmin | 1 | 0 | 1 | 0 | 1 | 0 |
| prestashop | 2 | 0 | 1 | 0 | 1 | 0 |
| prestashop | 3 | 0 | 2 | 1 | 2 | 0 |
| rails | 2 | 0 | 2 | 1 | 2 | 0 |
| react | 3 | 1 | 3 | 2 | 3 | 0 |
| redmine | 1 | 0 | 1 | 0 | 1 | 0 |

2
08-threat-intel/generated/dashboard/docs/entity-discovery-backlog.html
查看文件

@@ -88,7 +88,7 @@
<div class="meta">工作台内置镜像页:待编目 repo / 插件 / 包 backlog 与等待原因。</div>
<pre># 分层实体发现 Backlog
- 生成时间: `2026-03-24T09:18:19+00:00`
- 生成时间: `2026-03-26T10:20:34+00:00`
- 待编目数量: `7`
| candidate_id | root_system | entity_type | risk | reason | waiting_for | source |

2
08-threat-intel/generated/dashboard/docs/source-catalog-audit.html
查看文件

@@ -88,7 +88,7 @@
<div class="meta">工作台内置镜像页active/retired source、replacement map 与覆盖摘要。</div>
<pre># Source Catalog Audit
- generated_at: `2026-03-24T09:17:05+00:00`
- generated_at: `2026-03-26T09:21:28+00:00`
- systems: `62`
- sources: `179`
- active_sources: `102`

16
08-threat-intel/generated/dashboard/docs/testing-completeness-report.html
查看文件

@@ -88,7 +88,7 @@
<div class="meta">工作台内置镜像页89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
<pre># 全库 Advisory 完整度报告
- 生成时间: `2026-03-24T09:18:20+00:00`
- 生成时间: `2026-03-26T10:20:35+00:00`
- 最新 advisory 完整度: `89/89` `verified-real`
- 合成验证数量: `0`
- 阻塞数量: `0`
@@ -96,8 +96,8 @@
- 完整度百分比: `100.0%`
- active source 全绿: `102/102`
- source open alerts: `0`
- 最近一次 source 全绿: `2026-03-24T09:17:44+00:00`
- 已编目实体: `109`
- 最近一次 source 全绿: `2026-03-26T10:20:18+00:00`
- 已编目实体: `110`
- 待编目 backlog: `7`
## 系统覆盖矩阵
@@ -111,11 +111,11 @@
## 分层实体完整度
- history-full 已完成: `40`
- latest green: `99`
- workflow 完整: `99`
- 版本映射完整: `51`
- 官方源覆盖: `99`
- history-full 已完成: `41`
- latest green: `100`
- workflow 完整: `100`
- 版本映射完整: `52`
- 官方源覆盖: `100`
- 插件 history-full 已完成: `4`
## 历史阻塞项修复纪要

24
08-threat-intel/generated/dashboard/docs/version-sync-report.html
查看文件

@@ -88,14 +88,14 @@
<div class="meta">工作台内置镜像页安全相关版本历史、source-gap 与版本驱动 lab enqueue 摘要。</div>
<pre># 安全相关版本同步报告
- 生成时间: `2026-03-24T09:18:19+00:00`
- 已编目实体: `109`
- 最新版本已同步: `94`
- 生成时间: `2026-03-26T10:20:34+00:00`
- 已编目实体: `110`
- 最新版本已同步: `95`
- 版本 source-gap: `15`
- 安全相关版本记录: `6242`
- 存在安全版本历史的实体: `82`
- 安全相关版本记录: `6297`
- 存在安全版本历史的实体: `83`
- 自动升级实体: `10`
- 因版本变化触发 lab 入队: `11`
- 因版本变化触发 lab 入队: `3`
## 系统版本摘要
@@ -110,18 +110,18 @@
| astro | 3 | 3 | 0 | 30 | 0 |
| caddy | 3 | 3 | 0 | 7 | 0 |
| directus | 2 | 2 | 0 | 2 | 1 |
| discourse | 1 | 1 | 0 | 78 | 0 |
| discourse | 1 | 1 | 0 | 80 | 0 |
| django | 2 | 2 | 0 | 182 | 0 |
| drupal | 1 | 1 | 0 | 74 | 0 |
| echo | 2 | 2 | 0 | 4 | 0 |
| esbuild | 2 | 2 | 0 | 2 | 0 |
| express | 1 | 0 | 1 | 0 | 0 |
| fastify | 2 | 2 | 0 | 2 | 0 |
| fastify | 2 | 2 | 0 | 4 | 0 |
| flask | 2 | 2 | 0 | 22 | 0 |
| ghost | 2 | 2 | 0 | 0 | 1 |
| gin | 2 | 2 | 0 | 2 | 0 |
| gitea | 1 | 0 | 1 | 0 | 0 |
| gitlab-ce | 1 | 1 | 0 | 612 | 0 |
| gitlab-ce | 1 | 1 | 0 | 625 | 0 |
| grafana | 1 | 0 | 1 | 0 | 0 |
| hapi | 2 | 2 | 0 | 4 | 0 |
| haproxy | 1 | 1 | 0 | 2 | 0 |
@@ -143,7 +143,7 @@
| opencart | 2 | 2 | 0 | 4 | 1 |
| openmage | 2 | 2 | 0 | 0 | 1 |
| phpmyadmin | 1 | 1 | 0 | 0 | 0 |
| prestashop | 2 | 2 | 0 | 18 | 1 |
| prestashop | 3 | 3 | 0 | 59 | 1 |
| rails | 2 | 2 | 0 | 102 | 0 |
| react | 3 | 3 | 0 | 18 | 0 |
| redmine | 1 | 1 | 0 | 0 | 0 |
@@ -161,8 +161,8 @@
| vue | 2 | 2 | 0 | 2 | 0 |
| webpack | 1 | 0 | 1 | 0 | 0 |
| werkzeug | 2 | 2 | 0 | 22 | 0 |
| woocommerce | 2 | 2 | 0 | 14 | 1 |
| wordpress | 1 | 1 | 0 | 53 | 0 |
| woocommerce | 2 | 2 | 0 | 10 | 1 |
| wordpress | 1 | 1 | 0 | 54 | 0 |
</pre>
</div>
</main>

611
08-threat-intel/generated/dashboard/entities.json
查看文件

文件差异内容过多而无法显示 加载差异

841
08-threat-intel/generated/dashboard/summary.json
查看文件

文件差异内容过多而无法显示 加载差异

602
08-threat-intel/generated/dashboard/systems.json
查看文件

文件差异内容过多而无法显示 加载差异

16
08-threat-intel/generated/entity-catalog-report.md
查看文件

@@ -1,13 +1,13 @@
# 分层实体覆盖与完整度报告
- 生成时间: `2026-03-24T09:18:19+00:00`
- 已编目实体: `109`
- 生成时间: `2026-03-26T10:20:34+00:00`
- 已编目实体: `110`
- 待编目 backlog: `7`
- history-full 已完成: `40`
- latest green: `99`
- workflow 完整: `99`
- 版本映射完整: `51`
- 官方源覆盖: `99`
- history-full 已完成: `41`
- latest green: `100`
- workflow 完整: `100`
- 版本映射完整: `52`
- 官方源覆盖: `100`
- 插件 history-full 已完成: `4`
## 系统分层摘要
@@ -56,7 +56,7 @@
| opencart | 2 | 0 | 1 | 0 | 1 | 0 |
| openmage | 2 | 0 | 1 | 0 | 1 | 0 |
| phpmyadmin | 1 | 0 | 1 | 0 | 1 | 0 |
| prestashop | 2 | 0 | 1 | 0 | 1 | 0 |
| prestashop | 3 | 0 | 2 | 1 | 2 | 0 |
| rails | 2 | 0 | 2 | 1 | 2 | 0 |
| react | 3 | 1 | 3 | 2 | 3 | 0 |
| redmine | 1 | 0 | 1 | 0 | 1 | 0 |

41
08-threat-intel/generated/entity-completeness.json
查看文件

@@ -1,12 +1,12 @@
{
"generated_at": "2026-03-24T09:18:19+00:00",
"cataloged_entity_total": 109,
"generated_at": "2026-03-26T10:20:34+00:00",
"cataloged_entity_total": 110,
"candidate_entity_total": 7,
"history_full_complete_count": 40,
"latest_green_count": 99,
"workflow_complete_count": 99,
"version_mapped_count": 51,
"official_source_covered_count": 99,
"history_full_complete_count": 41,
"latest_green_count": 100,
"workflow_complete_count": 100,
"version_mapped_count": 52,
"official_source_covered_count": 100,
"plugin_history_full_count": 4,
"systems": [
{
@@ -420,7 +420,7 @@
"entity_id": "fastify--project--fastify",
"entity_type": "project",
"display_name": "fastify",
"advisory_count": 1,
"advisory_count": 2,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
}
@@ -1124,22 +1124,31 @@
{
"system_id": "prestashop",
"display_name": "PrestaShop",
"cataloged_entity_total": 2,
"child_entity_total": 1,
"cataloged_entity_total": 3,
"child_entity_total": 2,
"candidate_entity_total": 0,
"workflow_complete_count": 1,
"version_mapped_count": 0,
"official_source_covered_count": 1,
"history_full_complete_count": 1,
"latest_green_count": 1,
"workflow_complete_count": 2,
"version_mapped_count": 1,
"official_source_covered_count": 2,
"history_full_complete_count": 2,
"latest_green_count": 2,
"version_gap_entity_count": 1,
"workflow_gap_entity_count": 0,
"plugin_total": 0,
"entity_type_counts": {
"system": 1,
"package": 1,
"repo": 1
},
"top_entities": [
{
"entity_id": "prestashop--package--prestashop-prestashop",
"entity_type": "package",
"display_name": "prestashop / prestashop",
"advisory_count": 2,
"history_backfill_status": "complete",
"latest_sync_status": "green"
},
{
"entity_id": "prestashop--repo--prestashop-prestashop",
"entity_type": "repo",
@@ -1760,6 +1769,6 @@
"discovery_queue": 7,
"history_queue": 27,
"latest_queue": 10,
"workflow_queue": 2177
"workflow_queue": 2178
}
}

2
08-threat-intel/generated/entity-discovery-backlog.md
查看文件

@@ -1,6 +1,6 @@
# 分层实体发现 Backlog
- 生成时间: `2026-03-24T09:18:19+00:00`
- 生成时间: `2026-03-26T10:20:34+00:00`
- 待编目数量: `7`
| candidate_id | root_system | entity_type | risk | reason | waiting_for | source |

4
08-threat-intel/generated/entity-queues.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-24T09:18:19+00:00",
"generated_at": "2026-03-26T10:20:34+00:00",
"discovery_queue": {
"count": 7,
"items": [
@@ -408,7 +408,7 @@
]
},
"workflow_queue": {
"count": 2177,
"count": 2178,
"items": [
{
"canonical_id": "adminer--CVE-2026-25878",

3082
08-threat-intel/generated/lab-enqueue-summary.json
查看文件

文件差异内容过多而无法显示 加载差异

14
08-threat-intel/generated/latest-ingest.md
查看文件

@@ -1,13 +1,13 @@
# 最新同步摘要
- 渲染时间: `2026-03-24T09:18:19+00:00`
- 渲染时间: `2026-03-26T10:20:34+00:00`
- 系统数量: `62`
- Advisory 数量: `2371`
- 已编目实体数量: `109`
- Advisory 数量: `2375`
- 已编目实体数量: `110`
- 待编目 backlog 数量: `7`
- 重点 Markdown 数量: `168`
- 重点 Markdown 数量: `171`
- Run Bundle 数量: `89`
- 新增记录: `11`
- 更新记录: `4`
- Triage 数量: `1176`
- 新增记录: `3`
- 更新记录: `2`
- Triage 数量: `1177`
- 失败的 source adapter: `0`

39
08-threat-intel/generated/monitor-summary.json
查看文件

@@ -1,24 +1,25 @@
{
"generated_at": "2026-03-24T09:17:44+00:00",
"generated_at": "2026-03-26T10:20:18+00:00",
"active_source_count": 102,
"green_source_count": 102,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 101,
"last_fully_green_run": "2026-03-24T09:17:44+00:00",
"last_fully_green_run": "2026-03-26T10:20:18+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 179,
"retired_source_count": 77
},
"ingest": {
"new_count": 11,
"updated_count": 4,
"new_count": 3,
"updated_count": 2,
"failure_count": 0,
"systems_touched": [
"haproxy",
"mattermost",
"traefik"
"fastify",
"nextjs",
"prestashop",
"spring-security"
]
},
"validation": {
@@ -27,25 +28,25 @@
"errors": []
},
"entity_coverage": {
"cataloged_entity_total": 109,
"cataloged_entity_total": 110,
"candidate_entity_total": 7,
"history_full_complete_count": 40,
"workflow_complete_count": 99,
"version_mapped_count": 51,
"official_source_covered_count": 99
"history_full_complete_count": 41,
"workflow_complete_count": 100,
"version_mapped_count": 52,
"official_source_covered_count": 100
},
"version_coverage": {
"cataloged_entity_total": 109,
"latest_version_synced_count": 94,
"cataloged_entity_total": 110,
"latest_version_synced_count": 95,
"source_gap_count": 15,
"security_version_total": 6242,
"security_version_entity_count": 82,
"security_version_total": 6297,
"security_version_entity_count": 83,
"auto_promoted_entity_count": 10,
"lab_enqueued_count": 11
"lab_enqueued_count": 3
},
"lab_enqueue": {
"enqueued": 11,
"queue_total": 2371,
"enqueued": 3,
"queue_total": 2375,
"pending_count": 0
}
}

2115
08-threat-intel/generated/release-index.json
查看文件

文件差异内容过多而无法显示 加载差异

21
08-threat-intel/generated/run-summary.json
查看文件

@@ -1,18 +1,19 @@
{
"generated_at": "2026-03-24T09:18:19+00:00",
"generated_at": "2026-03-26T10:20:34+00:00",
"system_count": 62,
"advisory_count": 2371,
"cataloged_entity_total": 109,
"advisory_count": 2375,
"cataloged_entity_total": 110,
"candidate_entity_total": 7,
"markdown_count": 168,
"new_count": 11,
"updated_count": 4,
"markdown_count": 171,
"new_count": 3,
"updated_count": 2,
"systems_touched": [
"haproxy",
"mattermost",
"traefik"
"fastify",
"nextjs",
"prestashop",
"spring-security"
],
"triage_count": 1176,
"triage_count": 1177,
"run_bundle_count": 89,
"failures": []
}

2
08-threat-intel/generated/source-catalog-audit.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-24T09:17:05+00:00",
"generated_at": "2026-03-26T09:21:28+00:00",
"system_count": 62,
"source_count": 179,
"active_source_count": 102,

某些文件未显示,因为此 diff 中更改的文件太多 显示更多