hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 489 个文件 - 2026-03-26 16:06:46

浏览代码
这个提交包含在:
hao
2026-03-26 16:06:46 -07:00
父节点 1e447fe97f
当前提交 1f7a3d6c60
修改 489 个文件,包含 36042 行新增4391 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

187
08-threat-intel/registry/advisories/fastify--CVE-2026-3635.json 普通文件
查看文件

@@ -0,0 +1,187 @@
{
"canonical_id": "fastify--CVE-2026-3635",
"system_id": "fastify",
"display_name": "Fastify",
"category": "frameworks",
"advisory_mode": "core",
"title": "fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections",
"summary": "## Summary\n\nWhen `trustProxy` is configured with a restrictive trust function (e.g., a specific IP like `trustProxy: '10.0.0.1'`, a subnet, a hop count, or a custom function), the `request.protocol` and `request.host` getters read `X-Forwarded-Proto` and `X-Forwarded-Host` headers from any connection \u2014 including connections from untrusted IPs. This allows an attacker connecting directly to Fastify (bypassing the proxy) to spoof both the protocol and host seen by the application.\n\n## Affected Versions\n\nfastify <= 5.8.2\n\n## Impact\n\nApplications using `request.protocol` or `request.host` for security decisions (HTTPS enforcement, secure cookie flags, CSRF origin checks, URL construction, host-based routing) are affected when `trustProxy` is configured with a restrictive trust function.\n\nWhen `trustProxy: true` (trust everything), both `host` and `protocol` trust all forwarded headers \u2014 this is expected behavior. The vulnerability only manifests with restrictive trust configurations.",
"published_at": "2026-03-25T19:32:28Z",
"updated_at": "2026-03-25T19:48:38.788319Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-3635",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/fastify/fastify",
"https://github.com/fastify/fastify/releases/tag/v5.8.3",
"https://www.cve.org/CVERecord?id=CVE-2026-3635"
],
"aliases": [
"CVE-2026-3635",
"GHSA-444r-cwp2-x5xf"
],
"cve_ids": [
"CVE-2026-3635"
],
"ghsa_ids": [
"GHSA-444r-cwp2-x5xf"
],
"osv_ids": [
"GHSA-444r-cwp2-x5xf"
],
"affected_versions": [
"introduced=0, fixed<5.8.3"
],
"fixed_versions": [
"5.8.3"
],
"package_name": "fastify",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/fastify/cases/fastify-cve-2026-3635.md",
"secure_code_topics": [
"proxy-trust-boundary",
"ssrf-url-validation",
"xss-output-encoding",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "fastify",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "fastify",
"official": true
},
{
"entity_id": "fastify--project--fastify",
"entity_type": "project",
"relation": "affected-component",
"root_system_id": "fastify",
"official": false
}
],
"affected_components": [
{
"name": "fastify",
"entity_id": "fastify--project--fastify",
"scope": "package",
"package_name": "fastify",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<5.8.3"
],
"fixed_version_ranges": [
"5.8.3"
],
"introduced_version": "introduced=0, fixed<5.8.3",
"patched_version": "5.8.3",
"version_evidence_sources": [
"https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf",
"https://nvd.nist.gov/vuln/detail/CVE-2026-3635",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/fastify/fastify",
"https://github.com/fastify/fastify/releases/tag/v5.8.3",
"https://www.cve.org/CVERecord?id=CVE-2026-3635"
],
"affected_version_refs": [
"fastify--project--fastify--introduced-0-fixed-5-8-3"
],
"fixed_version_refs": [
"fastify--project--fastify--5-8-3"
],
"patched_version_refs": [
"fastify--project--fastify--5-8-3"
],
"version_sync_confidence": "high",
"advisory_scope": "package",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "fastify--CVE-2026-3635--workflow",
"vuln_family": "proxy-boundary",
"entry_surface": "proxy-header-or-trust-boundary",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<5.8.3",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `package`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "reverse-proxy-or-edge-client",
"affected_version_assertion": [
"introduced=0, fixed<5.8.3"
],
"trigger_vector": "\u5bf9 `proxy-boundary` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/middleware",
"/x-forwarded-* trust path"
],
"input_shape": "\u63d0\u4ea4\u53d7\u63a7\u4ee3\u7406\u5934\u6216\u6765\u6e90\u5934\uff0c\u9a8c\u8bc1\u4fe1\u4efb\u8fb9\u754c\u548c\u56de\u6e90\u9274\u6743\u3002",
"expected_unsafe_behavior": "\u4ec5\u51ed\u4ee3\u7406\u5934\u5373\u53ef\u8d8a\u8fc7\u9274\u6743\u6216\u6765\u6e90\u63a7\u5236\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6",
"\u4e0a\u6e38\u4ee3\u7406\u4e0e\u5e94\u7528\u5c42\u5bf9 Content-Length / Transfer-Encoding / forwarded headers \u7684\u89e3\u91ca\u5dee\u5f02"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<5.8.3` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `5.8.3`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `proxy-boundary` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Fastify"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1,
"entity_ref_count": 2,
"advisory_scope": "package",
"version_confidence": "high",
"workflow_id": "fastify--CVE-2026-3635--workflow"
}
}

149
08-threat-intel/registry/advisories/gitlab-ce--c9ed3b92bd.json 普通文件
查看文件

文件差异因一行或多行过长而隐藏

4
08-threat-intel/registry/advisories/nextjs--CVE-2026-27977.json
查看文件

@@ -5,9 +5,9 @@
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
"summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.",
"summary": "## Summary\nIn `next dev`, cross-site protections for internal development endpoints could treat `Origin: null` as a bypass case even when [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured. This could allow privacy-sensitive or opaque browser contexts, such as sandboxed documents, to access privileged internal dev-server functionality unexpectedly.\n\n## Impact\nIf a developer visits attacker-controlled content while running an affected `next dev` server with [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) configured, attacker-controlled browser code may be able to connect to internal development endpoints and interact with sensitive dev-server functionality that should have remained blocked.\n\nThis issue affects development mode only. It does not affect `next start`, and it does not expose internal debugging functionality to the network by default.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins on internal development endpoints.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- If you use [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins), reject requests and websocket upgrades with `Origin: null` for internal dev endpoints at your proxy.",
"published_at": "2026-03-17T15:29:48Z",
"updated_at": "2026-03-19T18:32:38.608475Z",
"updated_at": "2026-03-25T19:49:01.129152Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",

306
08-threat-intel/registry/advisories/prestashop--CVE-2026-33673.json 普通文件
查看文件

@@ -0,0 +1,306 @@
{
"canonical_id": "prestashop--CVE-2026-33673",
"system_id": "prestashop",
"display_name": "PrestaShop",
"category": "ecommerce",
"advisory_mode": "core",
"title": "PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables",
"summary": "### Impact\nMultiple stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates.\n\n### Patches\nPatched on 8.2.5 and 9.1.0\n\n### Workarounds\nNone\n\n### References\nNone",
"published_at": "2026-03-25T19:41:50Z",
"updated_at": "2026-03-25T19:48:31.156136Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv",
"secondary_source_urls": [
"https://github.com/PrestaShop/PrestaShop",
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
],
"aliases": [
"CVE-2026-33673",
"GHSA-35pf-37c6-jxjv"
],
"cve_ids": [
"CVE-2026-33673"
],
"ghsa_ids": [
"GHSA-35pf-37c6-jxjv"
],
"osv_ids": [
"GHSA-35pf-37c6-jxjv"
],
"affected_versions": [
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"introduced=9.0.0-alpha.1, fixed<9.1.0",
"introduced=0, fixed<8.2.5"
],
"fixed_versions": [
"9.1.0",
"8.2.5"
],
"package_name": "prestashop/prestashop",
"render_markdown": true,
"case_path": "07-framework-security/ecommerce/prestashop/cases/prestashop-cve-2026-33673.md",
"secure_code_topics": [
"plugin-extension-trust-policy",
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "prestashop",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "prestashop",
"official": true
},
{
"entity_id": "prestashop--package--prestashop-prestashop",
"entity_type": "package",
"relation": "affected-component",
"root_system_id": "prestashop",
"official": false
}
],
"affected_components": [
{
"name": "prestashop / prestashop",
"entity_id": "prestashop--package--prestashop-prestashop",
"scope": "package",
"package_name": "prestashop/prestashop",
"official": false
}
],
"affected_version_ranges": [
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"introduced=9.0.0-alpha.1, fixed<9.1.0",
"introduced=0, fixed<8.2.5"
],
"fixed_version_ranges": [
"9.1.0",
"8.2.5"
],
"introduced_version": "introduced=0, fixed<8.2.5",
"patched_version": "9.1.0",
"version_evidence_sources": [
"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv",
"https://github.com/PrestaShop/PrestaShop",
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
],
"affected_version_refs": [
"prestashop--package--prestashop-prestashop--9-0-0",
"prestashop--package--prestashop-prestashop--9-0-0-alpha-1",
"prestashop--package--prestashop-prestashop--9-0-0-beta-1",
"prestashop--package--prestashop-prestashop--9-0-0-rc-1",
"prestashop--package--prestashop-prestashop--9-0-1",
"prestashop--package--prestashop-prestashop--9-0-2",
"prestashop--package--prestashop-prestashop--9-0-3",
"prestashop--package--prestashop-prestashop--9-1-0-beta-1",
"prestashop--package--prestashop-prestashop--9-1-0-rc-1",
"prestashop--package--prestashop-prestashop--1-7-0-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-1-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-2-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-3-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-4-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-0-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-1-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-2-0",
"prestashop--package--prestashop-prestashop--1-7-0-1",
"prestashop--package--prestashop-prestashop--1-7-0-2",
"prestashop--package--prestashop-prestashop--1-7-0-3",
"prestashop--package--prestashop-prestashop--1-7-0-4",
"prestashop--package--prestashop-prestashop--1-7-0-5",
"prestashop--package--prestashop-prestashop--1-7-0-6",
"prestashop--package--prestashop-prestashop--1-7-1-0",
"prestashop--package--prestashop-prestashop--1-7-1-1",
"prestashop--package--prestashop-prestashop--1-7-1-2",
"prestashop--package--prestashop-prestashop--1-7-2-0",
"prestashop--package--prestashop-prestashop--1-7-2-0-rc-1-0",
"prestashop--package--prestashop-prestashop--1-7-2-1",
"prestashop--package--prestashop-prestashop--introduced-9-0-0-alpha-1-fixed-9-1-0",
"prestashop--package--prestashop-prestashop--introduced-0-fixed-8-2-5"
],
"fixed_version_refs": [
"prestashop--package--prestashop-prestashop--9-1-0",
"prestashop--package--prestashop-prestashop--8-2-5"
],
"patched_version_refs": [
"prestashop--package--prestashop-prestashop--9-1-0"
],
"version_sync_confidence": "high",
"advisory_scope": "package",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "prestashop--CVE-2026-33673--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: 9.0.0, 9.0.0-alpha.1, 9.0.0-beta.1",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `package`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"introduced=9.0.0-alpha.1, fixed<9.1.0",
"introduced=0, fixed<8.2.5"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `9.0.0, 9.0.0-alpha.1, 9.0.0-beta.1` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `9.1.0`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "official-image",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV PrestaShop"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1,
"entity_ref_count": 2,
"advisory_scope": "package",
"version_confidence": "high",
"workflow_id": "prestashop--CVE-2026-33673--workflow"
}
}

303
08-threat-intel/registry/advisories/prestashop--CVE-2026-33674.json 普通文件
查看文件

@@ -0,0 +1,303 @@
{
"canonical_id": "prestashop--CVE-2026-33674",
"system_id": "prestashop",
"display_name": "PrestaShop",
"category": "ecommerce",
"advisory_mode": "core",
"title": "PrestaShop: Improper Use of Validation Framework",
"summary": "### Impact\nFix improper use of validation framework\n\n### Patches\nPatched in 8.2.5 and 9.1.0\n\n### Workarounds\nNone\n\n### References\nnone",
"published_at": "2026-03-25T19:40:42Z",
"updated_at": "2026-03-25T19:49:27.843572Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v",
"secondary_source_urls": [
"https://github.com/PrestaShop/PrestaShop",
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
],
"aliases": [
"CVE-2026-33674",
"GHSA-283w-xf3q-788v"
],
"cve_ids": [
"CVE-2026-33674"
],
"ghsa_ids": [
"GHSA-283w-xf3q-788v"
],
"osv_ids": [
"GHSA-283w-xf3q-788v"
],
"affected_versions": [
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"introduced=0, fixed<8.2.5",
"introduced=9.0.0-alpha.1, fixed<9.1.0"
],
"fixed_versions": [
"8.2.5",
"9.1.0"
],
"package_name": "prestashop/prestashop",
"render_markdown": true,
"case_path": "07-framework-security/ecommerce/prestashop/cases/prestashop-cve-2026-33674.md",
"secure_code_topics": [
"plugin-extension-trust-policy",
"authz-server-side-recheck",
"file-upload-validation"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "prestashop",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "prestashop",
"official": true
},
{
"entity_id": "prestashop--package--prestashop-prestashop",
"entity_type": "package",
"relation": "affected-component",
"root_system_id": "prestashop",
"official": false
}
],
"affected_components": [
{
"name": "prestashop / prestashop",
"entity_id": "prestashop--package--prestashop-prestashop",
"scope": "package",
"package_name": "prestashop/prestashop",
"official": false
}
],
"affected_version_ranges": [
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"introduced=0, fixed<8.2.5",
"introduced=9.0.0-alpha.1, fixed<9.1.0"
],
"fixed_version_ranges": [
"8.2.5",
"9.1.0"
],
"introduced_version": "introduced=9.0.0-alpha.1, fixed<9.1.0",
"patched_version": "8.2.5",
"version_evidence_sources": [
"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v",
"https://github.com/PrestaShop/PrestaShop",
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
],
"affected_version_refs": [
"prestashop--package--prestashop-prestashop--1-7-0-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-1-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-2-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-3-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-4-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-0-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-1-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-2-0",
"prestashop--package--prestashop-prestashop--1-7-0-1",
"prestashop--package--prestashop-prestashop--1-7-0-2",
"prestashop--package--prestashop-prestashop--1-7-0-3",
"prestashop--package--prestashop-prestashop--1-7-0-4",
"prestashop--package--prestashop-prestashop--1-7-0-5",
"prestashop--package--prestashop-prestashop--1-7-0-6",
"prestashop--package--prestashop-prestashop--1-7-1-0",
"prestashop--package--prestashop-prestashop--1-7-1-1",
"prestashop--package--prestashop-prestashop--1-7-1-2",
"prestashop--package--prestashop-prestashop--1-7-2-0",
"prestashop--package--prestashop-prestashop--1-7-2-0-rc-1-0",
"prestashop--package--prestashop-prestashop--1-7-2-1",
"prestashop--package--prestashop-prestashop--9-0-0",
"prestashop--package--prestashop-prestashop--9-0-0-alpha-1",
"prestashop--package--prestashop-prestashop--9-0-0-beta-1",
"prestashop--package--prestashop-prestashop--9-0-0-rc-1",
"prestashop--package--prestashop-prestashop--9-0-1",
"prestashop--package--prestashop-prestashop--9-0-2",
"prestashop--package--prestashop-prestashop--9-0-3",
"prestashop--package--prestashop-prestashop--9-1-0-beta-1",
"prestashop--package--prestashop-prestashop--9-1-0-rc-1",
"prestashop--package--prestashop-prestashop--introduced-0-fixed-8-2-5",
"prestashop--package--prestashop-prestashop--introduced-9-0-0-alpha-1-fixed-9-1-0"
],
"fixed_version_refs": [
"prestashop--package--prestashop-prestashop--8-2-5",
"prestashop--package--prestashop-prestashop--9-1-0"
],
"patched_version_refs": [
"prestashop--package--prestashop-prestashop--8-2-5"
],
"version_sync_confidence": "high",
"advisory_scope": "package",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "prestashop--CVE-2026-33674--workflow",
"vuln_family": "unknown",
"entry_surface": "package-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: 1.7.0.0, 1.7.0.0-beta.1.0, 1.7.0.0-beta.2.0",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `package`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "unknown",
"affected_version_assertion": [
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"introduced=0, fixed<8.2.5",
"introduced=9.0.0-alpha.1, fixed<9.1.0"
],
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/package"
],
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `1.7.0.0, 1.7.0.0-beta.1.0, 1.7.0.0-beta.2.0` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.2.5`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "plugin-extension-generic",
"artifact_mode": "official-image",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV PrestaShop"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1,
"entity_ref_count": 2,
"advisory_scope": "package",
"version_confidence": "high",
"workflow_id": "prestashop--CVE-2026-33674--workflow"
}
}

2
08-threat-intel/registry/advisories/spring-security--CVE-2026-22732.json
查看文件

@@ -7,7 +7,7 @@
"title": "Spring Security HTTP Headers Are not Written Under Some Conditions",
"summary": "When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.\u00a0\nThis issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.",
"published_at": "2026-03-20T00:31:28Z",
"updated_at": "2026-03-20T20:46:26.164998Z",
"updated_at": "2026-03-25T19:59:15.827722Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",

2
08-threat-intel/registry/entities/adminer.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"last_version_synced_at": "2026-03-26T10:20:22+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/adobe-commerce.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"last_version_synced_at": "2026-03-26T10:20:22+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

9
08-threat-intel/registry/entities/angular--package--angular-core.json
查看文件

@@ -12,9 +12,9 @@
"repo_url": "",
"package_registry": "https://www.npmjs.com/package/@angular/core",
"marketplace_url": "",
"latest_version": "21.2.5",
"latest_version": "21.2.6",
"version_scheme": "semver-ish",
"latest_release_at": "",
"latest_release_at": "2026-03-17T01:31:35.828211Z",
"latest_release_url": "https://www.npmjs.com/package/@angular/core",
"version_source_refs": [
"https://www.npmjs.com/package/@angular/core",
@@ -23,11 +23,12 @@
],
"version_sync_status": "green",
"security_version_count": 18,
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/angular/angular/security/advisories/GHSA-prjf-86w9-mfqv",
"https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222"
"https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222",
"advisory-fixed-version"
],
"catalog_source": "",
"catalog_reason": "",

6
08-threat-intel/registry/entities/angular.json
查看文件

@@ -12,14 +12,14 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "21.2.5",
"latest_version": "21.2.6",
"version_scheme": "vendor",
"latest_release_at": "",
"latest_release_at": "2026-03-17T01:31:35.828211Z",
"latest_release_url": "https://www.npmjs.com/package/@angular/core",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 18,
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"last_version_synced_at": "2026-03-26T10:20:22+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/apache-httpd.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 1,
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"Apache HTTPD Security"
],

2
08-threat-intel/registry/entities/apache-tomcat.json
查看文件

@@ -23,7 +23,7 @@
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"Apache Tomcat Security"
],

2
08-threat-intel/registry/entities/aspnet-core.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

7
08-threat-intel/registry/entities/astro--module--astro.json
查看文件

@@ -14,7 +14,7 @@
"marketplace_url": "",
"latest_version": "6.0.8",
"version_scheme": "semver-ish",
"latest_release_at": "",
"latest_release_at": "2025-11-20T14:43:59.624508Z",
"latest_release_url": "https://www.npmjs.com/package/astro",
"version_source_refs": [
"https://www.npmjs.com/package/astro",
@@ -23,11 +23,12 @@
],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/withastro/astro/security/advisories/GHSA-wrwg-2hg8-v723",
"https://github.com/withastro/astro/security/advisories/GHSA-m85w-3h95-hcf9"
"https://github.com/withastro/astro/security/advisories/GHSA-m85w-3h95-hcf9",
"advisory-fixed-version"
],
"catalog_source": "",
"catalog_reason": "",

7
08-threat-intel/registry/entities/astro--project--astro.json
查看文件

@@ -14,7 +14,7 @@
"marketplace_url": "",
"latest_version": "6.0.8",
"version_scheme": "semver-ish",
"latest_release_at": "",
"latest_release_at": "2025-11-27T08:22:36.525875Z",
"latest_release_url": "https://www.npmjs.com/package/astro",
"version_source_refs": [
"https://www.npmjs.com/package/astro",
@@ -31,7 +31,7 @@
],
"version_sync_status": "green",
"security_version_count": 26,
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/withastro/astro/security/advisories/GHSA-c4pw-33h3-35xw",
@@ -43,7 +43,8 @@
"https://github.com/withastro/astro/security/advisories/GHSA-hr2q-hp5q-x767",
"https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw",
"https://github.com/withastro/astro/security/advisories/GHSA-w2vj-39qv-7vh7",
"https://github.com/withastro/astro/security/advisories/GHSA-qcpr-679q-rhm2"
"https://github.com/withastro/astro/security/advisories/GHSA-qcpr-679q-rhm2",
"advisory-fixed-version"
],
"catalog_source": "",
"catalog_reason": "",

4
08-threat-intel/registry/entities/astro.json
查看文件

@@ -14,12 +14,12 @@
"marketplace_url": "",
"latest_version": "6.0.8",
"version_scheme": "vendor",
"latest_release_at": "",
"latest_release_at": "2025-11-20T14:43:59.624508Z",
"latest_release_url": "https://www.npmjs.com/package/astro",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 30,
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

11
08-threat-intel/registry/entities/caddy--extension--github-com-caddyserver-caddy-v2.json
查看文件

@@ -12,17 +12,18 @@
"repo_url": "https://github.com/caddyserver/caddy",
"package_registry": "",
"marketplace_url": "",
"latest_version": "2.11.1",
"latest_version": "2.11.2",
"version_scheme": "semver-ish",
"latest_release_at": "2026-02-27T19:55:10Z",
"latest_release_url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-5r3v-vc8m-m96g",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_release_url": "https://github.com/caddyserver/caddy/releases/tag/v2.11.2",
"version_source_refs": [
"https://github.com/caddyserver/caddy/releases/tag/v2.11.2",
"https://github.com/caddyserver/caddy/security/advisories/GHSA-5r3v-vc8m-m96g"
"https://github.com/caddyserver/caddy/security/advisories/GHSA-5r3v-vc8m-m96g",
"https://github.com/caddyserver/caddy"
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:17:55+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"https://github.com/caddyserver/caddy/security/advisories/GHSA-5r3v-vc8m-m96g",

6
08-threat-intel/registry/entities/caddy--repo--github-com-caddyserver-caddy-v2.json
查看文件

@@ -14,8 +14,8 @@
"marketplace_url": "",
"latest_version": "2.11.2",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-23T04:52:47.652974Z",
"latest_release_url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-7r4p-vjf4-gxv4",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_release_url": "https://github.com/caddyserver/caddy/releases/tag/v2.11.2",
"version_source_refs": [
"https://github.com/caddyserver/caddy/releases/tag/v2.11.2",
"https://github.com/caddyserver/caddy/security/advisories/GHSA-4xrr-hq4w-6vf4",
@@ -24,7 +24,7 @@
],
"version_sync_status": "green",
"security_version_count": 5,
"last_version_synced_at": "2026-03-24T09:17:56+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"https://github.com/caddyserver/caddy/security/advisories/GHSA-4xrr-hq4w-6vf4",

8
08-threat-intel/registry/entities/caddy.json
查看文件

@@ -12,14 +12,14 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "2.11.1",
"latest_version": "2.11.2",
"version_scheme": "vendor",
"latest_release_at": "2026-02-27T19:55:10Z",
"latest_release_url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-5r3v-vc8m-m96g",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_release_url": "https://github.com/caddyserver/caddy/releases/tag/v2.11.2",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 7,
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

11
08-threat-intel/registry/entities/directus--repo--directus-directus.json
查看文件

@@ -12,17 +12,18 @@
"repo_url": "https://github.com/directus/directus",
"package_registry": "",
"marketplace_url": "",
"latest_version": "3573-4c68-g8cc",
"latest_version": "11.17.0",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-10T22:20:52Z",
"latest_release_url": "https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc",
"latest_release_at": "2026-03-24T23:17:51Z",
"latest_release_url": "https://github.com/directus/directus/releases/tag/v11.17.0",
"version_source_refs": [
"https://github.com/directus/directus/releases/tag/v11.16.1",
"https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc"
"https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc",
"https://github.com/directus/directus/releases/tag/v11.17.0"
],
"version_sync_status": "green",
"security_version_count": 1,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"Directus GitHub Advisories"

8
08-threat-intel/registry/entities/directus.json
查看文件

@@ -12,16 +12,16 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "3573-4c68-g8cc",
"latest_version": "11.17.0",
"version_scheme": "vendor",
"latest_release_at": "2026-03-10T22:20:52Z",
"latest_release_url": "https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc",
"latest_release_at": "2026-03-24T23:17:51Z",
"latest_release_url": "https://github.com/directus/directus/releases/tag/v11.17.0",
"version_source_refs": [
"https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc"
],
"version_sync_status": "green",
"security_version_count": 1,
"last_version_synced_at": "2026-03-24T09:17:56+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"Directus GitHub Advisories"
],

9
08-threat-intel/registry/entities/discourse.json
查看文件

@@ -27,11 +27,14 @@
"https://meta.discourse.org/t/3-4-1-bug-fix-and-ux-release/353247",
"https://meta.discourse.org/t/3-4-2-security-and-bug-fix-release/358152",
"https://meta.discourse.org/t/3-4-3-bug-fix-and-ux-release/362895",
"https://meta.discourse.org/t/3-4-4-bug-fix-and-ux-release/367301"
"https://meta.discourse.org/t/3-4-4-bug-fix-and-ux-release/367301",
"https://meta.discourse.org/t/3-4-5-security-fixes-release/369347",
"https://meta.discourse.org/t/3-4-6-security-fix-release/370631",
"https://meta.discourse.org/t/3-4-7-security-and-maintenance-release/375747"
],
"version_sync_status": "green",
"security_version_count": 78,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"security_version_count": 80,
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"Discourse Release Notes RSS",
"Discourse Security RSS"

2
08-threat-intel/registry/entities/django--project--django.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 160,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"npm latest",
"https://nvd.nist.gov/vuln/detail/CVE-2019-11358"

2
08-threat-intel/registry/entities/django.json
查看文件

@@ -38,7 +38,7 @@
],
"version_sync_status": "green",
"security_version_count": 160,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"Django Security Weblog",
"Django Security Releases Archive"

2
08-threat-intel/registry/entities/drupal.json
查看文件

@@ -27,7 +27,7 @@
],
"version_sync_status": "green",
"security_version_count": 74,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"Drupal Security Advisories RSS"
],

8
08-threat-intel/registry/entities/echo--repo--github-com-labstack-echo-v4.json
查看文件

@@ -12,10 +12,10 @@
"repo_url": "https://github.com/labstack/echo",
"package_registry": "",
"marketplace_url": "",
"latest_version": "4.9.0",
"latest_version": "5.0.4",
"version_scheme": "semver-ish",
"latest_release_at": "2024-05-20T16:03:47Z",
"latest_release_url": "https://github.com/labstack/echo/issues/2259",
"latest_release_at": "2026-02-15T15:55:53Z",
"latest_release_url": "https://github.com/labstack/echo/releases/tag/v5.0.4",
"version_source_refs": [
"https://github.com/labstack/echo/releases/tag/v5.0.4",
"https://github.com/labstack/echo/pull/1718",
@@ -23,7 +23,7 @@
],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"https://github.com/labstack/echo/pull/1718",

8
08-threat-intel/registry/entities/echo.json
查看文件

@@ -12,14 +12,14 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "4.9.0",
"latest_version": "5.0.4",
"version_scheme": "vendor",
"latest_release_at": "2024-05-20T16:03:47Z",
"latest_release_url": "https://github.com/labstack/echo/issues/2259",
"latest_release_at": "2026-02-15T15:55:53Z",
"latest_release_url": "https://github.com/labstack/echo/releases/tag/v5.0.4",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/esbuild--project--esbuild.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99"

2
08-threat-intel/registry/entities/esbuild.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/express.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

21
08-threat-intel/registry/entities/fastify--project--fastify.json
查看文件

@@ -18,14 +18,16 @@
"latest_release_url": "https://www.npmjs.com/package/fastify",
"version_source_refs": [
"https://www.npmjs.com/package/fastify",
"https://github.com/fastify/fastify/security/advisories/GHSA-573f-x89g-hqp9"
"https://github.com/fastify/fastify/security/advisories/GHSA-573f-x89g-hqp9",
"https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf"
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"security_version_count": 4,
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/fastify/fastify/security/advisories/GHSA-573f-x89g-hqp9"
"https://github.com/fastify/fastify/security/advisories/GHSA-573f-x89g-hqp9",
"https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf"
],
"catalog_source": "",
"catalog_reason": "",
@@ -35,13 +37,14 @@
"history_backfill_status": "seeded",
"latest_sync_status": "green",
"official_source_covered": true,
"advisory_count": 1,
"workflow_complete_advisory_count": 1,
"version_mapped_advisory_count": 1,
"advisory_count": 2,
"workflow_complete_advisory_count": 2,
"version_mapped_advisory_count": 2,
"first_advisory_at": "2026-03-05T21:29:54+00:00",
"latest_advisory_at": "2026-03-16T03:05:26+00:00",
"latest_advisory_at": "2026-03-25T19:48:38+00:00",
"advisory_ids": [
"fastify--CVE-2026-3419"
"fastify--CVE-2026-3419",
"fastify--CVE-2026-3635"
],
"source_refs": []
}

15
08-threat-intel/registry/entities/fastify.json
查看文件

@@ -18,8 +18,8 @@
"latest_release_url": "https://www.npmjs.com/package/fastify",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"security_version_count": 4,
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",
@@ -29,13 +29,14 @@
"history_backfill_status": "seeded",
"latest_sync_status": "green",
"official_source_covered": true,
"advisory_count": 1,
"workflow_complete_advisory_count": 1,
"version_mapped_advisory_count": 1,
"advisory_count": 2,
"workflow_complete_advisory_count": 2,
"version_mapped_advisory_count": 2,
"first_advisory_at": "2026-03-05T21:29:54+00:00",
"latest_advisory_at": "2026-03-16T03:05:26+00:00",
"latest_advisory_at": "2026-03-25T19:48:38+00:00",
"advisory_ids": [
"fastify--CVE-2026-3419"
"fastify--CVE-2026-3419",
"fastify--CVE-2026-3635"
],
"source_refs": [
{

2
08-threat-intel/registry/entities/flask--project--flask.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 22,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726"

2
08-threat-intel/registry/entities/flask.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 22,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

6
08-threat-intel/registry/entities/ghost--repo--tryghost-ghost.json
查看文件

@@ -12,17 +12,17 @@
"repo_url": "https://github.com/TryGhost/Ghost",
"package_registry": "",
"marketplace_url": "",
"latest_version": "52.1k",
"latest_version": "6.22.1",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-20T15:25:05Z",
"latest_release_url": "https://github.com/login?return_to=%2FTryGhost%2FGhost",
"latest_release_url": "https://github.com/TryGhost/Ghost/releases/tag/v6.22.1",
"version_source_refs": [
"https://github.com/TryGhost/Ghost/releases/tag/v6.22.1",
"https://github.com/login?return_to=%2FTryGhost%2FGhost"
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:17:58+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"Ghost GitHub Advisories"

6
08-threat-intel/registry/entities/ghost.json
查看文件

@@ -12,16 +12,16 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "52.1k",
"latest_version": "6.22.1",
"version_scheme": "vendor",
"latest_release_at": "2026-03-20T15:25:05Z",
"latest_release_url": "https://github.com/login?return_to=%2FTryGhost%2FGhost",
"latest_release_url": "https://github.com/TryGhost/Ghost/releases/tag/v6.22.1",
"version_source_refs": [
"https://github.com/login?return_to=%2FTryGhost%2FGhost"
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"Ghost GitHub Advisories"
],

8
08-threat-intel/registry/entities/gin--repo--github-com-gin-gonic-gin.json
查看文件

@@ -12,17 +12,17 @@
"repo_url": "https://github.com/gin-gonic/gin",
"package_registry": "",
"marketplace_url": "",
"latest_version": "1.7.7",
"latest_version": "1.12.0",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-14T10:41:18.820930Z",
"latest_release_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28483",
"latest_release_at": "2026-02-28T10:12:25Z",
"latest_release_url": "https://github.com/gin-gonic/gin/releases/tag/v1.12.0",
"version_source_refs": [
"https://github.com/gin-gonic/gin/releases/tag/v1.12.0",
"https://nvd.nist.gov/vuln/detail/CVE-2020-28483"
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"https://nvd.nist.gov/vuln/detail/CVE-2020-28483",

8
08-threat-intel/registry/entities/gin.json
查看文件

@@ -12,14 +12,14 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "1.7.7",
"latest_version": "1.12.0",
"version_scheme": "vendor",
"latest_release_at": "2026-03-14T10:41:18.820930Z",
"latest_release_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28483",
"latest_release_at": "2026-02-28T10:12:25Z",
"latest_release_url": "https://github.com/gin-gonic/gin/releases/tag/v1.12.0",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:17:58+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/gitea.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

21
08-threat-intel/registry/entities/gitlab-ce.json
查看文件

@@ -12,32 +12,32 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "2026-3848---improper-neutralization-of-crlf-sequences-issue-impacts-gitlab-ceee",
"latest_version": "2026-4363---incorrect-authorization-issue-in-authorization-caching-impacts-gitlab-ee",
"version_scheme": "vendor",
"latest_release_at": "2026-03-11T00:00:00+00:00",
"latest_release_at": "2026-03-25T00:00:00+00:00",
"latest_release_url": "https://about.gitlab.com/security-releases.xml",
"version_source_refs": [
"https://about.gitlab.com/security-releases.xml"
],
"version_sync_status": "green",
"security_version_count": 614,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"security_version_count": 627,
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"GitLab Security Releases Atom"
],
"catalog_source": "",
"catalog_reason": "",
"auto_cataloged": false,
"last_discovered_at": "",
"last_synced_at": "",
"last_discovered_at": "2026-03-25T00:00:00+00:00",
"last_synced_at": "2026-03-25T00:00:00+00:00",
"history_backfill_status": "seeded",
"latest_sync_status": "green",
"official_source_covered": true,
"advisory_count": 55,
"workflow_complete_advisory_count": 55,
"advisory_count": 56,
"workflow_complete_advisory_count": 56,
"version_mapped_advisory_count": 0,
"first_advisory_at": "",
"latest_advisory_at": "",
"first_advisory_at": "2026-03-25T00:00:00+00:00",
"latest_advisory_at": "2026-03-25T00:00:00+00:00",
"advisory_ids": [
"gitlab-ce--0304f4760b",
"gitlab-ce--09c34791d2",
@@ -85,6 +85,7 @@
"gitlab-ce--c4b5b43585",
"gitlab-ce--c6afa3fc85",
"gitlab-ce--c91032430a",
"gitlab-ce--c9ed3b92bd",
"gitlab-ce--cd7b46219e",
"gitlab-ce--d3bfede960",
"gitlab-ce--ea5bd69217",

2
08-threat-intel/registry/entities/grafana.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/hapi--package--hapi-hapi.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"npm latest",
"https://www.npmjs.com/advisories/1482"

2
08-threat-intel/registry/entities/hapi.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/haproxy.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"HAProxy Blog Feed"
],

2
08-threat-intel/registry/entities/jenkins.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/joomla.json
查看文件

@@ -25,7 +25,7 @@
],
"version_sync_status": "green",
"security_version_count": 5,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"Joomla Security Centre"
],

2
08-threat-intel/registry/entities/kibana.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/koa--project--koa.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/koajs/koa/security/advisories/GHSA-7gcc-r8m5-44qm"

2
08-threat-intel/registry/entities/koa.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

6
08-threat-intel/registry/entities/laravel--package--laravel-framework.json
查看文件

@@ -12,9 +12,9 @@
"repo_url": "https://github.com/laravel/framework",
"package_registry": "https://packagist.org/packages/laravel/framework",
"marketplace_url": "",
"latest_version": "13.1.1",
"latest_version": "13.2.0",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-18T17:10:25+00:00",
"latest_release_at": "2026-03-24T18:42:09+00:00",
"latest_release_url": "https://packagist.org/packages/laravel/framework",
"version_source_refs": [
"https://packagist.org/packages/laravel/framework",
@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 103,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"Packagist p2",
"https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"

6
08-threat-intel/registry/entities/laravel.json
查看文件

@@ -12,14 +12,14 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "13.1.1",
"latest_version": "13.2.0",
"version_scheme": "vendor",
"latest_release_at": "2026-03-18T17:10:25+00:00",
"latest_release_at": "2026-03-24T18:42:09+00:00",
"latest_release_url": "https://packagist.org/packages/laravel/framework",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 103,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

6
08-threat-intel/registry/entities/magento-open-source--repo--magento-magento2.json
查看文件

@@ -12,10 +12,10 @@
"repo_url": "https://github.com/magento/magento2",
"package_registry": "",
"marketplace_url": "",
"latest_version": "300.000",
"latest_version": "2.4.9-beta1",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-10T14:04:22Z",
"latest_release_url": "https://sansec.io/research/visbot-malware-on-6691-stores-analysis",
"latest_release_url": "https://github.com/magento/magento2/releases/tag/2.4.9-beta1",
"version_source_refs": [
"https://github.com/magento/magento2/releases/tag/2.4.9-beta1",
"https://sansec.io/research/vendors-defeat-magento-security-patch-simple-check",
@@ -25,7 +25,7 @@
],
"version_sync_status": "green",
"security_version_count": 3,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"Sansec Research"

6
08-threat-intel/registry/entities/magento-open-source.json
查看文件

@@ -12,10 +12,10 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "300.000",
"latest_version": "2.4.9-beta1",
"version_scheme": "vendor",
"latest_release_at": "2026-03-10T14:04:22Z",
"latest_release_url": "https://sansec.io/research/visbot-malware-on-6691-stores-analysis",
"latest_release_url": "https://github.com/magento/magento2/releases/tag/2.4.9-beta1",
"version_source_refs": [
"https://sansec.io/research/visbot-malware-on-6691-stores-analysis",
"https://sansec.io/research/vendors-defeat-magento-security-patch-simple-check",
@@ -24,7 +24,7 @@
],
"version_sync_status": "green",
"security_version_count": 3,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"Sansec Research"
],

5
08-threat-intel/registry/entities/mattermost--plugin--mattermost-plugins.json
查看文件

@@ -21,10 +21,11 @@
],
"version_sync_status": "green",
"security_version_count": 759,
"last_version_synced_at": "2026-03-24T09:18:00+00:00",
"last_version_synced_at": "2026-03-26T10:20:24+00:00",
"latest_version_evidence": [
"Mattermost Security Updates JSON",
"https://securityupdates.mattermost.com/security_updates.json"
"https://securityupdates.mattermost.com/security_updates.json",
"advisory-fixed-version"
],
"catalog_source": "",
"catalog_reason": "",

5
08-threat-intel/registry/entities/mattermost--project--issue-platform.json
查看文件

@@ -21,10 +21,11 @@
],
"version_sync_status": "green",
"security_version_count": 756,
"last_version_synced_at": "2026-03-24T09:18:00+00:00",
"last_version_synced_at": "2026-03-26T10:20:24+00:00",
"latest_version_evidence": [
"Mattermost Security Updates JSON",
"https://securityupdates.mattermost.com/security_updates.json"
"https://securityupdates.mattermost.com/security_updates.json",
"advisory-fixed-version"
],
"catalog_source": "",
"catalog_reason": "",

6
08-threat-intel/registry/entities/mattermost--project--mattermost-server.json
查看文件

@@ -21,9 +21,11 @@
],
"version_sync_status": "green",
"security_version_count": 764,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [
"Mattermost Security Updates JSON"
"Mattermost Security Updates JSON",
"advisory-fixed-version",
"https://securityupdates.mattermost.com/security_updates.json"
],
"catalog_source": "",
"catalog_reason": "",

8
08-threat-intel/registry/entities/mattermost--repo--github-com-mattermost-mattermost-server.json
查看文件

@@ -12,10 +12,10 @@
"repo_url": "https://github.com/mattermost/mattermost-server",
"package_registry": "",
"marketplace_url": "",
"latest_version": "26.2.1",
"latest_version": "11.4.3",
"version_scheme": "semver-ish",
"latest_release_at": "2023-10-03",
"latest_release_url": "https://securityupdates.mattermost.com/security_updates.json",
"latest_release_at": "2026-03-16T08:26:52Z",
"latest_release_url": "https://github.com/mattermost/mattermost/releases/tag/v11.4.3",
"version_source_refs": [
"https://github.com/mattermost/mattermost/releases/tag/v11.4.3",
"https://nvd.nist.gov/vuln/detail/CVE-2026-22545",
@@ -34,7 +34,7 @@
],
"version_sync_status": "green",
"security_version_count": 810,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"https://nvd.nist.gov/vuln/detail/CVE-2026-22545",

2
08-threat-intel/registry/entities/mattermost.json
查看文件

@@ -21,7 +21,7 @@
],
"version_sync_status": "green",
"security_version_count": 3089,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"last_version_synced_at": "2026-03-26T10:20:23+00:00",
"latest_version_evidence": [
"Mattermost Security Updates JSON"
],

2
08-threat-intel/registry/entities/mediawiki.json
查看文件

@@ -28,7 +28,7 @@
],
"version_sync_status": "green",
"security_version_count": 254,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [
"MediaWiki Announce RSS"
],

2
08-threat-intel/registry/entities/medusa.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/moodle.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/nestjs.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

4
08-threat-intel/registry/entities/nextjs--project--next.json
查看文件

@@ -35,7 +35,7 @@
],
"version_sync_status": "green",
"security_version_count": 168,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/vercel/next.js",
@@ -65,7 +65,7 @@
"workflow_complete_advisory_count": 41,
"version_mapped_advisory_count": 41,
"first_advisory_at": "2017-12-05T02:04:14+00:00",
"latest_advisory_at": "2026-03-19T18:48:06+00:00",
"latest_advisory_at": "2026-03-25T19:49:01+00:00",
"advisory_ids": [
"nextjs--CVE-2017-16877",
"nextjs--CVE-2018-18282",

4
08-threat-intel/registry/entities/nextjs.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 168,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",
@@ -33,7 +33,7 @@
"workflow_complete_advisory_count": 66,
"version_mapped_advisory_count": 41,
"first_advisory_at": "2017-12-05T02:04:14+00:00",
"latest_advisory_at": "2026-03-19T18:48:06+00:00",
"latest_advisory_at": "2026-03-25T19:49:01+00:00",
"advisory_ids": [
"nextjs--0bc50e56d4",
"nextjs--0dc6888d4d",

2
08-threat-intel/registry/entities/nginx.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/nodejs.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/nuxt--project--nuxt.json
查看文件

@@ -26,7 +26,7 @@
],
"version_sync_status": "green",
"security_version_count": 11,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/nuxt/nuxt/security/advisories/GHSA-vf6r-87q4-2vjf",

2
08-threat-intel/registry/entities/nuxt.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 11,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

6
08-threat-intel/registry/entities/opencart--repo--opencart-opencart.json
查看文件

@@ -12,10 +12,10 @@
"repo_url": "https://github.com/opencart/opencart",
"package_registry": "",
"marketplace_url": "",
"latest_version": "8.1k",
"latest_version": "3.0.5.0",
"version_scheme": "semver-ish",
"latest_release_at": "2025-12-12T10:27:11Z",
"latest_release_url": "https://github.com/login?return_to=%2Fopencart%2Fopencart",
"latest_release_url": "https://github.com/opencart/opencart/releases/tag/3.0.5.0",
"version_source_refs": [
"https://github.com/opencart/opencart/releases/tag/3.0.5.0",
"https://github.com/opencart/opencart/tree/3.0.5.0",
@@ -23,7 +23,7 @@
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:18:02+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"OpenCart Releases"

6
08-threat-intel/registry/entities/opencart.json
查看文件

@@ -12,17 +12,17 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "8.1k",
"latest_version": "3.0.5.0",
"version_scheme": "vendor",
"latest_release_at": "2025-12-12T10:27:11Z",
"latest_release_url": "https://github.com/login?return_to=%2Fopencart%2Fopencart",
"latest_release_url": "https://github.com/opencart/opencart/releases/tag/3.0.5.0",
"version_source_refs": [
"https://github.com/login?return_to=%2Fopencart%2Fopencart",
"https://github.com/opencart/opencart/tree/3.0.5.0"
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:18:01+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [
"OpenCart Releases"
],

2
08-threat-intel/registry/entities/openmage--repo--openmage-magento-lts.json
查看文件

@@ -21,7 +21,7 @@
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:03+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [
"GitHub Releases API"
],

2
08-threat-intel/registry/entities/openmage.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:02+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/phpmyadmin.json
查看文件

@@ -21,7 +21,7 @@
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:03+00:00",
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [
"phpMyAdmin Security Page"
],

50
08-threat-intel/registry/entities/prestashop--package--prestashop-prestashop.json 普通文件
查看文件

@@ -0,0 +1,50 @@
{
"entity_id": "prestashop--package--prestashop-prestashop",
"entity_type": "package",
"display_name": "prestashop / prestashop",
"parent_entity_id": "prestashop",
"root_system_id": "prestashop",
"category": "ecommerce",
"ecosystem": "prestashop",
"official": false,
"status": "cataloged",
"history_policy": "history-full",
"repo_url": "https://github.com/prestashop/prestashop",
"package_registry": "https://packagist.org/packages/prestashop/prestashop",
"marketplace_url": "",
"latest_version": "9.1.0",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-13T18:04:58+00:00",
"latest_release_url": "https://packagist.org/packages/prestashop/prestashop",
"version_source_refs": [
"https://packagist.org/packages/prestashop/prestashop",
"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv",
"https://security.friendsofpresta.org/core/2025/09/04/CVE-2025-51586.html"
],
"version_sync_status": "green",
"security_version_count": 41,
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [
"Packagist p2",
"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv",
"Friends Of Presta Security"
],
"catalog_source": "",
"catalog_reason": "",
"auto_cataloged": false,
"last_discovered_at": "2026-03-25T19:49:27+00:00",
"last_synced_at": "2026-03-25T19:49:27+00:00",
"history_backfill_status": "complete",
"latest_sync_status": "green",
"official_source_covered": true,
"advisory_count": 2,
"workflow_complete_advisory_count": 2,
"version_mapped_advisory_count": 2,
"first_advisory_at": "2026-03-25T19:40:42+00:00",
"latest_advisory_at": "2026-03-25T19:49:27+00:00",
"advisory_ids": [
"prestashop--CVE-2026-33673",
"prestashop--CVE-2026-33674"
],
"source_refs": []
}

11
08-threat-intel/registry/entities/prestashop--repo--prestashop-prestashop.json
查看文件

@@ -12,10 +12,10 @@
"repo_url": "https://github.com/PrestaShop/PrestaShop",
"package_registry": "",
"marketplace_url": "",
"latest_version": "3366-9287-7qpr",
"latest_version": "8.2.5",
"version_scheme": "semver-ish",
"latest_release_at": "2026-02-03T10:01:48Z",
"latest_release_url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr",
"latest_release_at": "2026-03-23T10:07:16Z",
"latest_release_url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"version_source_refs": [
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3",
"https://security.friendsofpresta.org/core/2025/09/04/CVE-2025-51586.html",
@@ -23,11 +23,12 @@
"https://build.prestashop-project.org/news/2026/prestashop-8-2-4-maintenance-release/",
"https://security.friendsofpresta.org/modules/2026/02/16/advancedpopupcreator-cve-2025-69633.html",
"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr",
"https://build.prestashop-project.org/news/2026/prestashop-8-2-5-maintenance-release/"
"https://build.prestashop-project.org/news/2026/prestashop-8-2-5-maintenance-release/",
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5"
],
"version_sync_status": "green",
"security_version_count": 9,
"last_version_synced_at": "2026-03-24T09:18:04+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"Friends Of Presta Security",

20
08-threat-intel/registry/entities/prestashop.json
查看文件

@@ -12,10 +12,10 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "3366-9287-7qpr",
"latest_version": "8.2.5",
"version_scheme": "vendor",
"latest_release_at": "2026-02-03T10:01:48Z",
"latest_release_url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr",
"latest_release_at": "2026-03-23T10:07:16Z",
"latest_release_url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"version_source_refs": [
"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr",
"https://security.friendsofpresta.org/core/2025/09/04/CVE-2025-51586.html",
@@ -25,8 +25,8 @@
"https://build.prestashop-project.org/news/2026/prestashop-8-2-5-maintenance-release/"
],
"version_sync_status": "green",
"security_version_count": 9,
"last_version_synced_at": "2026-03-24T09:18:03+00:00",
"security_version_count": 50,
"last_version_synced_at": "2026-03-26T10:20:25+00:00",
"latest_version_evidence": [
"GitHub PrestaShop Advisories",
"Friends Of Presta Security",
@@ -40,11 +40,11 @@
"history_backfill_status": "complete",
"latest_sync_status": "green",
"official_source_covered": true,
"advisory_count": 112,
"workflow_complete_advisory_count": 112,
"version_mapped_advisory_count": 0,
"advisory_count": 114,
"workflow_complete_advisory_count": 114,
"version_mapped_advisory_count": 2,
"first_advisory_at": "2008-12-31T11:30:00+00:00",
"latest_advisory_at": "2025-04-12T10:46:40+00:00",
"latest_advisory_at": "2026-03-25T19:49:27+00:00",
"advisory_ids": [
"prestashop--07b452707c",
"prestashop--080f1ad67c",
@@ -131,6 +131,8 @@
"prestashop--CVE-2020-5277",
"prestashop--CVE-2020-5294",
"prestashop--CVE-2020-6632",
"prestashop--CVE-2026-33673",
"prestashop--CVE-2026-33674",
"prestashop--a0f896f1ae",
"prestashop--a2727cdb40",
"prestashop--a433672695",

2
08-threat-intel/registry/entities/rails--project--rails.json
查看文件

@@ -26,7 +26,7 @@
],
"version_sync_status": "green",
"security_version_count": 102,
"last_version_synced_at": "2026-03-24T09:18:04+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [
"npm latest",
"https://nvd.nist.gov/vuln/detail/CVE-2007-5379",

2
08-threat-intel/registry/entities/rails.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 102,
"last_version_synced_at": "2026-03-24T09:18:04+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/react--project--react-dom.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 12,
"last_version_synced_at": "2026-03-24T09:18:04+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [
"npm latest",
"https://nvd.nist.gov/vuln/detail/CVE-2018-6341"

2
08-threat-intel/registry/entities/react--project--react.json
查看文件

@@ -23,7 +23,7 @@
],
"version_sync_status": "green",
"security_version_count": 6,
"last_version_synced_at": "2026-03-24T09:18:04+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/facebook/react",

2
08-threat-intel/registry/entities/react.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 18,
"last_version_synced_at": "2026-03-24T09:18:04+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/redmine.json
查看文件

@@ -21,7 +21,7 @@
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:04+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [
"Redmine Security Advisories"
],

11
08-threat-intel/registry/entities/saleor--repo--saleor-saleor.json
查看文件

@@ -12,17 +12,18 @@
"repo_url": "https://github.com/saleor/saleor",
"package_registry": "",
"marketplace_url": "",
"latest_version": "22.7k",
"latest_version": "3.22.44",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-19T13:13:39Z",
"latest_release_url": "https://github.com/login?return_to=%2Fsaleor%2Fsaleor",
"latest_release_at": "2026-03-24T13:34:33Z",
"latest_release_url": "https://github.com/saleor/saleor/releases/tag/3.22.44",
"version_source_refs": [
"https://github.com/saleor/saleor/releases/tag/3.22.43",
"https://github.com/login?return_to=%2Fsaleor%2Fsaleor"
"https://github.com/login?return_to=%2Fsaleor%2Fsaleor",
"https://github.com/saleor/saleor/releases/tag/3.22.44"
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:05+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"GitHub Saleor Advisories"

8
08-threat-intel/registry/entities/saleor.json
查看文件

@@ -12,16 +12,16 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "22.7k",
"latest_version": "3.22.44",
"version_scheme": "vendor",
"latest_release_at": "2026-03-19T13:13:39Z",
"latest_release_url": "https://github.com/login?return_to=%2Fsaleor%2Fsaleor",
"latest_release_at": "2026-03-24T13:34:33Z",
"latest_release_url": "https://github.com/saleor/saleor/releases/tag/3.22.44",
"version_source_refs": [
"https://github.com/login?return_to=%2Fsaleor%2Fsaleor"
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:04+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [
"GitHub Saleor Advisories"
],

6
08-threat-intel/registry/entities/shopware--repo--shopware-shopware.json
查看文件

@@ -12,17 +12,17 @@
"repo_url": "https://github.com/shopware/shopware",
"package_registry": "",
"marketplace_url": "",
"latest_version": "3.3k",
"latest_version": "6.7.8.2",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-18T15:05:49Z",
"latest_release_url": "https://github.com/login?return_to=%2Fshopware%2Fshopware",
"latest_release_url": "https://github.com/shopware/shopware/releases/tag/v6.7.8.2",
"version_source_refs": [
"https://github.com/shopware/shopware/releases/tag/v6.7.8.2",
"https://github.com/login?return_to=%2Fshopware%2Fshopware"
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:06+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"Shopware Security Advisories"

6
08-threat-intel/registry/entities/shopware.json
查看文件

@@ -12,16 +12,16 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "3.3k",
"latest_version": "6.7.8.2",
"version_scheme": "vendor",
"latest_release_at": "2026-03-18T15:05:49Z",
"latest_release_url": "https://github.com/login?return_to=%2Fshopware%2Fshopware",
"latest_release_url": "https://github.com/shopware/shopware/releases/tag/v6.7.8.2",
"version_source_refs": [
"https://github.com/login?return_to=%2Fshopware%2Fshopware"
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:05+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [
"Shopware Security Advisories"
],

2
08-threat-intel/registry/entities/spring-boot--project--org-springframework-boot-spring-boot.json
查看文件

@@ -21,7 +21,7 @@
],
"version_sync_status": "green",
"security_version_count": 22,
"last_version_synced_at": "2026-03-24T09:18:06+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [
"advisory-fixed-version",
"https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85"

2
08-threat-intel/registry/entities/spring-boot.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 22,
"last_version_synced_at": "2026-03-24T09:18:06+00:00",
"last_version_synced_at": "2026-03-26T10:20:26+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/spring-framework.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:06+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

6
08-threat-intel/registry/entities/spring-security--project--org-springframework-security-spring-security-web.json
查看文件

@@ -14,14 +14,14 @@
"marketplace_url": "",
"latest_version": "7.0.4",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-20T20:46:26.164998Z",
"latest_release_at": "2026-03-25T19:59:15.827722Z",
"latest_release_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22732",
"version_source_refs": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-22732"
],
"version_sync_status": "green",
"security_version_count": 92,
"last_version_synced_at": "2026-03-24T09:18:07+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [
"advisory-fixed-version",
"https://nvd.nist.gov/vuln/detail/CVE-2026-22732"
@@ -38,7 +38,7 @@
"workflow_complete_advisory_count": 1,
"version_mapped_advisory_count": 1,
"first_advisory_at": "2026-03-20T00:31:28+00:00",
"latest_advisory_at": "2026-03-20T20:46:26+00:00",
"latest_advisory_at": "2026-03-25T19:59:15+00:00",
"advisory_ids": [
"spring-security--CVE-2026-22732"
],

6
08-threat-intel/registry/entities/spring-security.json
查看文件

@@ -14,12 +14,12 @@
"marketplace_url": "",
"latest_version": "7.0.4",
"version_scheme": "vendor",
"latest_release_at": "2026-03-20T20:46:26.164998Z",
"latest_release_at": "2026-03-25T19:59:15.827722Z",
"latest_release_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22732",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 92,
"last_version_synced_at": "2026-03-24T09:18:06+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",
@@ -33,7 +33,7 @@
"workflow_complete_advisory_count": 4,
"version_mapped_advisory_count": 1,
"first_advisory_at": "2026-03-20T00:31:28+00:00",
"latest_advisory_at": "2026-03-20T20:46:26+00:00",
"latest_advisory_at": "2026-03-25T19:59:15+00:00",
"advisory_ids": [
"spring-security--3da31f4883",
"spring-security--7817f6fd2f",

6
08-threat-intel/registry/entities/strapi--repo--strapi-strapi.json
查看文件

@@ -12,17 +12,17 @@
"repo_url": "https://github.com/strapi/strapi",
"package_registry": "",
"marketplace_url": "",
"latest_version": "71.7k",
"latest_version": "5.40.0",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-18T13:33:01Z",
"latest_release_url": "https://github.com/login?return_to=%2Fstrapi%2Fstrapi",
"latest_release_url": "https://github.com/strapi/strapi/releases/tag/v5.40.0",
"version_source_refs": [
"https://github.com/strapi/strapi/releases/tag/v5.40.0",
"https://github.com/login?return_to=%2Fstrapi%2Fstrapi"
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:08+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"Strapi GitHub Advisories"

6
08-threat-intel/registry/entities/strapi.json
查看文件

@@ -12,16 +12,16 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "71.7k",
"latest_version": "5.40.0",
"version_scheme": "vendor",
"latest_release_at": "2026-03-18T13:33:01Z",
"latest_release_url": "https://github.com/login?return_to=%2Fstrapi%2Fstrapi",
"latest_release_url": "https://github.com/strapi/strapi/releases/tag/v5.40.0",
"version_source_refs": [
"https://github.com/login?return_to=%2Fstrapi%2Fstrapi"
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-24T09:18:07+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [
"Strapi GitHub Advisories"
],

2
08-threat-intel/registry/entities/sveltekit--package--sveltejs-kit.json
查看文件

@@ -23,7 +23,7 @@
],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-24T09:18:08+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/sveltejs/kit/security/advisories/GHSA-88qp-p4qg-rqm6",

2
08-threat-intel/registry/entities/sveltekit.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-24T09:18:08+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/symfony--package--symfony-symfony.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 220,
"last_version_synced_at": "2026-03-24T09:18:08+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [
"Packagist p2",
"https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68"

2
08-threat-intel/registry/entities/symfony.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 220,
"last_version_synced_at": "2026-03-24T09:18:08+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

11
08-threat-intel/registry/entities/traefik--extension--github-com-traefik-traefik-v3.json
查看文件

@@ -12,17 +12,18 @@
"repo_url": "https://github.com/traefik/traefik",
"package_registry": "",
"marketplace_url": "",
"latest_version": "3.7.0-ea.2",
"latest_version": "2.11.42",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-23T18:56:07.286130Z",
"latest_release_url": "https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48",
"latest_release_at": "2026-03-26T09:02:56Z",
"latest_release_url": "https://github.com/traefik/traefik/releases/tag/v2.11.42",
"version_source_refs": [
"https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2",
"https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48"
"https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48",
"https://github.com/traefik/traefik/releases/tag/v2.11.42"
],
"version_sync_status": "green",
"security_version_count": 8,
"last_version_synced_at": "2026-03-24T09:18:09+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48",

11
08-threat-intel/registry/entities/traefik--repo--github-com-traefik-traefik-v3.json
查看文件

@@ -12,10 +12,10 @@
"repo_url": "https://github.com/traefik/traefik",
"package_registry": "",
"marketplace_url": "",
"latest_version": "3.7.0-ea.2",
"latest_version": "2.11.42",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-23T18:56:05.020639Z",
"latest_release_url": "https://github.com/traefik/traefik/security/advisories/GHSA-g3hg-j4jv-cwfr",
"latest_release_at": "2026-03-26T09:02:56Z",
"latest_release_url": "https://github.com/traefik/traefik/releases/tag/v2.11.42",
"version_source_refs": [
"https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2",
"https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9",
@@ -31,11 +31,12 @@
"https://github.com/traefik/traefik/security/advisories/GHSA-fw45-f5q2-2p4x",
"https://github.com/traefik/traefik/security/advisories/GHSA-4hjq-9h5c-252j",
"https://github.com/traefik/traefik/security/advisories/GHSA-g3hg-j4jv-cwfr",
"https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w"
"https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w",
"https://github.com/traefik/traefik/releases/tag/v2.11.42"
],
"version_sync_status": "green",
"security_version_count": 55,
"last_version_synced_at": "2026-03-24T09:18:10+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9",

8
08-threat-intel/registry/entities/traefik.json
查看文件

@@ -12,14 +12,14 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "3.7.0-ea.2",
"latest_version": "2.11.42",
"version_scheme": "vendor",
"latest_release_at": "2026-03-23T18:56:07.286130Z",
"latest_release_url": "https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48",
"latest_release_at": "2026-03-26T09:02:56Z",
"latest_release_url": "https://github.com/traefik/traefik/releases/tag/v2.11.42",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 63,
"last_version_synced_at": "2026-03-24T09:18:08+00:00",
"last_version_synced_at": "2026-03-26T10:20:27+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

某些文件未显示,因为此 diff 中更改的文件太多 显示更多