更新: 109 个文件 - 2026-03-18 10:55:52
这个提交包含在:
hao
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -25,7 +25,8 @@
|
||||
## 来源
|
||||
|
||||
- `official` [Discourse Meta Security](https://meta.discourse.org/c/bug/security/40) (mode=core)
|
||||
- `official` [GitHub Discourse Advisories](https://github.com/discourse/discourse/security/advisories) (mode=core)
|
||||
- `official` [Discourse Release Notes RSS](https://meta.discourse.org/tag/release-notes.rss) (mode=core)
|
||||
- `official` [GitHub Discourse Advisories](https://github.com/advisories) (ecosystem=rubygems; mode=core)
|
||||
|
||||
## 案例列表
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -27,6 +27,7 @@
|
||||
- `official` [Drupal Security Advisories RSS](https://www.drupal.org/security/rss.xml) (mode=core)
|
||||
- `official` [NVD Drupal](https://nvd.nist.gov/vuln/search) (keyword=Drupal; mode=core)
|
||||
- `ecosystem-authority` [Drupal Security Advisories Site](https://www.drupal.org/security) (mode=module)
|
||||
- `ecosystem-authority` [GHSA Drupal Core](https://github.com/advisories) (ecosystem=composer; mode=core)
|
||||
|
||||
## 案例列表
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -25,7 +25,9 @@
|
||||
## 来源
|
||||
|
||||
- `official` [Adobe Security Bulletins](https://helpx.adobe.com/security/products/magento.html) (mode=core)
|
||||
- `official` [Adobe Magento Security Index](https://helpx.adobe.com/security/products/magento.html) (mode=core)
|
||||
- `official` [NVD Adobe Commerce](https://nvd.nist.gov/vuln/search) (keyword=Adobe Commerce; mode=core)
|
||||
- `ecosystem-authority` [GHSA Adobe Commerce](https://github.com/advisories) (ecosystem=composer; mode=core)
|
||||
- `ecosystem-authority` [Sansec Research](https://sansec.io/research) (mode=extension)
|
||||
|
||||
## 案例列表
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -25,6 +25,8 @@
|
||||
## 来源
|
||||
|
||||
- `official` [Django Security RSS](https://www.djangoproject.com/weblog/feeds/tags/security/) (mode=core)
|
||||
- `official` [Django Security Weblog](https://www.djangoproject.com/weblog/) (mode=core)
|
||||
- `official` [Django Security Releases Archive](https://docs.djangoproject.com/en/dev/releases/security/) (mode=core)
|
||||
- `official` [OSV Django](https://osv.dev/) (mode=core)
|
||||
|
||||
## 案例列表
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -5,14 +5,14 @@
|
||||
- 系统 ID: `nextjs`
|
||||
- 分类: `frameworks`
|
||||
- 覆盖策略: `history-full`
|
||||
- 总案例数: `5`
|
||||
- 近 30 天新增/更新: `5`
|
||||
- 重点 Markdown 案例数: `5`
|
||||
- 总案例数: `0`
|
||||
- 近 30 天新增/更新: `0`
|
||||
- 重点 Markdown 案例数: `0`
|
||||
- 已实证(真实版本): `0`
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `5`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -32,8 +32,4 @@
|
||||
|
||||
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|
||||
|------|--------|----------|----------|----------|------------|----------|--------|
|
||||
| Next.js: HTTP request smuggling in rewrites | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:26.646070Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md) |
|
||||
| Next.js: Unbounded next/image disk cache growth can exhaust storage | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:33.597080Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md) |
|
||||
| Next.js: Unbounded postponed resume buffering can lead to DoS | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:34.160932Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md) |
|
||||
| Next.js: null origin can bypass Server Actions CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:43.484729Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md) |
|
||||
| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:26.028580Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |
|
||||
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -25,6 +25,7 @@
|
||||
## 来源
|
||||
|
||||
- `official` [HAProxy Security Advisories](https://www.haproxy.org/security/) (mode=server)
|
||||
- `official` [HAProxy Blog Feed](https://www.haproxy.com/feed/) (mode=server)
|
||||
- `official` [NVD HAProxy](https://nvd.nist.gov/vuln/search) (keyword=HAProxy; mode=server)
|
||||
|
||||
## 案例列表
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T14:45:52+00:00`
|
||||
- 最近渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
[]
|
||||
@@ -37,7 +37,7 @@
|
||||
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `5` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-17T16:31:34.160932Z` |
|
||||
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
|
||||
@@ -1,190 +1 @@
|
||||
{
|
||||
"nextjs--CVE-2026-27977": {
|
||||
"canonical_id": "nextjs--CVE-2026-27977",
|
||||
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
|
||||
"summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.",
|
||||
"display_name": "Next.js",
|
||||
"system_id": "nextjs",
|
||||
"category": "frameworks",
|
||||
"severity": "medium",
|
||||
"cvss_score": 4.0,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2026-03-17T15:29:48Z",
|
||||
"updated_at": "2026-03-17T15:46:26.028580Z",
|
||||
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a",
|
||||
"https://github.com/vercel/next.js",
|
||||
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-27977",
|
||||
"GHSA-jcc7-9wpm-mj36"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"proxy-trust-boundary",
|
||||
"token-cookie-storage"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "official-source",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
}
|
||||
},
|
||||
"nextjs--CVE-2026-27978": {
|
||||
"canonical_id": "nextjs--CVE-2026-27978",
|
||||
"title": "Next.js: null origin can bypass Server Actions CSRF checks",
|
||||
"summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.",
|
||||
"display_name": "Next.js",
|
||||
"system_id": "nextjs",
|
||||
"category": "frameworks",
|
||||
"severity": "medium",
|
||||
"cvss_score": 4.0,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2026-03-17T15:30:14Z",
|
||||
"updated_at": "2026-03-17T15:46:43.484729Z",
|
||||
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8",
|
||||
"https://github.com/vercel/next.js",
|
||||
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-27978",
|
||||
"GHSA-mq59-m269-xvcx"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"proxy-trust-boundary",
|
||||
"token-cookie-storage"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "official-source",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
}
|
||||
},
|
||||
"nextjs--CVE-2026-27979": {
|
||||
"canonical_id": "nextjs--CVE-2026-27979",
|
||||
"title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
|
||||
"summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.",
|
||||
"display_name": "Next.js",
|
||||
"system_id": "nextjs",
|
||||
"category": "frameworks",
|
||||
"severity": "medium",
|
||||
"cvss_score": 4.0,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2026-03-17T16:16:49Z",
|
||||
"updated_at": "2026-03-17T16:31:34.160932Z",
|
||||
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1",
|
||||
"https://github.com/vercel/next.js",
|
||||
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-27979",
|
||||
"GHSA-h27x-g6w4-24gq"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"proxy-trust-boundary",
|
||||
"token-cookie-storage"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "official-source",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
}
|
||||
},
|
||||
"nextjs--CVE-2026-27980": {
|
||||
"canonical_id": "nextjs--CVE-2026-27980",
|
||||
"title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
|
||||
"summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
|
||||
"display_name": "Next.js",
|
||||
"system_id": "nextjs",
|
||||
"category": "frameworks",
|
||||
"severity": "medium",
|
||||
"cvss_score": 4.0,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2026-03-17T16:17:06Z",
|
||||
"updated_at": "2026-03-17T16:31:33.597080Z",
|
||||
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
|
||||
"https://github.com/vercel/next.js",
|
||||
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-27980",
|
||||
"GHSA-3x4c-7xq6-9pq8"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"proxy-trust-boundary",
|
||||
"token-cookie-storage"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "official-source",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
}
|
||||
},
|
||||
"nextjs--CVE-2026-29057": {
|
||||
"canonical_id": "nextjs--CVE-2026-29057",
|
||||
"title": "Next.js: HTTP request smuggling in rewrites",
|
||||
"summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).",
|
||||
"display_name": "Next.js",
|
||||
"system_id": "nextjs",
|
||||
"category": "frameworks",
|
||||
"severity": "medium",
|
||||
"cvss_score": 4.0,
|
||||
"exploit_status": "unknown",
|
||||
"published_at": "2026-03-17T16:17:15Z",
|
||||
"updated_at": "2026-03-17T16:31:26.646070Z",
|
||||
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6",
|
||||
"https://github.com/vercel/next.js",
|
||||
"https://github.com/vercel/next.js/releases/tag/v15.5.13",
|
||||
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-29057",
|
||||
"GHSA-ggv3-7p47-pfv8"
|
||||
],
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"proxy-trust-boundary",
|
||||
"token-cookie-storage",
|
||||
"request-smuggling-boundary",
|
||||
"dependency-upgrade-policy"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "official-source",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
}
|
||||
}
|
||||
}
|
||||
{}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T14:45:55+00:00",
|
||||
"generated_at": "2026-03-18T17:52:49+00:00",
|
||||
"title": "\u5f53\u524d\u67b6\u6784\u5e93",
|
||||
"summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
|
||||
"sections": [
|
||||
@@ -31,7 +31,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "5"
|
||||
"value": "0"
|
||||
}
|
||||
],
|
||||
"fields": [
|
||||
@@ -49,7 +49,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6210\u65f6\u95f4",
|
||||
"value": "2026-03-18T14:45:55+00:00"
|
||||
"value": "2026-03-18T17:52:49+00:00"
|
||||
}
|
||||
],
|
||||
"links": [
|
||||
@@ -268,6 +268,16 @@
|
||||
"href": "/docs/source-map.html",
|
||||
"description": "\u7cfb\u7edf\u8986\u76d6\u3001\u6765\u6e90\u548c\u8f93\u51fa\u76ee\u5f55\u771f\u503c\u3002"
|
||||
},
|
||||
{
|
||||
"label": "source catalog audit",
|
||||
"href": "/docs/source-catalog-audit.html",
|
||||
"description": "active/retired source \u5ba1\u8ba1\u3001\u66ff\u4ee3\u5173\u7cfb\u4e0e\u8986\u76d6\u6458\u8981\u3002"
|
||||
},
|
||||
{
|
||||
"label": "retired sources",
|
||||
"href": "/docs/retired-sources.html",
|
||||
"description": "\u9000\u5f79\u6e90\u3001\u9000\u5f79\u539f\u56e0\u4e0e replacement map\u3002"
|
||||
},
|
||||
{
|
||||
"label": "repro-map \u771f\u503c",
|
||||
"href": "/docs/repro-map.html",
|
||||
@@ -298,6 +308,21 @@
|
||||
"href": "/data/completeness.json",
|
||||
"description": "\u6700\u65b0 advisory \u5b8c\u6574\u5ea6\u3001\u7cfb\u7edf/family \u8fdb\u5ea6\u4e0e ingest \u5065\u5eb7\u5ea6\u3002"
|
||||
},
|
||||
{
|
||||
"label": "source-health.json",
|
||||
"href": "/data/source-health.json",
|
||||
"description": "active source \u5065\u5eb7\u5ea6\u3001\u7cfb\u7edf\u5206\u5e03\u4e0e\u5931\u8d25\u5206\u7c7b\u3002"
|
||||
},
|
||||
{
|
||||
"label": "alerts.json",
|
||||
"href": "/data/alerts.json",
|
||||
"description": "source \u544a\u8b66\u72b6\u6001\u673a\u3001failure streak \u4e0e resolved \u8bb0\u5f55\u3002"
|
||||
},
|
||||
{
|
||||
"label": "monitor-summary.json",
|
||||
"href": "/data/monitor-summary.json",
|
||||
"description": "\u6bcf\u65e5\u76d1\u63a7\u6458\u8981\u3001open alerts \u4e0e\u6700\u8fd1\u5168\u7eff\u65f6\u95f4\u3002"
|
||||
},
|
||||
{
|
||||
"label": "runs.json",
|
||||
"href": "/runs.json",
|
||||
@@ -322,6 +347,11 @@
|
||||
"label": "architecture.json",
|
||||
"href": "/architecture.json",
|
||||
"description": "\u5f53\u524d\u67b6\u6784\u5e93\u7ed3\u6784\u5316 JSON\u3002"
|
||||
},
|
||||
{
|
||||
"label": "source-catalog-audit.json",
|
||||
"href": "/data/source-catalog-audit.json",
|
||||
"description": "source catalog \u5ba1\u8ba1\u771f\u503c\u4e0e retired/replacement \u5173\u7cfb\u3002"
|
||||
}
|
||||
],
|
||||
"fields": [
|
||||
@@ -484,7 +514,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u5b98\u65b9\u6e90 3",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
@@ -518,7 +548,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u5b98\u65b9\u6765\u6e90",
|
||||
"value": "Discourse Meta Security\nGitHub Discourse Advisories"
|
||||
"value": "Discourse Meta Security\nDiscourse Release Notes RSS\nGitHub Discourse Advisories"
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
@@ -570,7 +600,7 @@
|
||||
"badges": [
|
||||
"\u5386\u53f2\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u751f\u6001\u6e90 1",
|
||||
"\u751f\u6001\u6e90 2",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -607,7 +637,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
"value": "Drupal Security Advisories Site"
|
||||
"value": "Drupal Security Advisories Site\nGHSA Drupal Core"
|
||||
},
|
||||
{
|
||||
"label": "\u7814\u7a76\u6765\u6e90",
|
||||
@@ -1440,7 +1470,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u5b98\u65b9\u6e90 4",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
@@ -1474,7 +1504,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u5b98\u65b9\u6765\u6e90",
|
||||
"value": "Django Security RSS\nOSV Django"
|
||||
"value": "Django Security RSS\nDjango Security Weblog\nDjango Security Releases Archive\nOSV Django"
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
@@ -4712,7 +4742,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u8fd1\u4e24\u5e74\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u5b98\u65b9\u6e90 3",
|
||||
"\u751f\u6001\u6e90 0",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
@@ -4746,7 +4776,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u5b98\u65b9\u6765\u6e90",
|
||||
"value": "HAProxy Security Advisories\nNVD HAProxy"
|
||||
"value": "HAProxy Security Advisories\nHAProxy Blog Feed\nNVD HAProxy"
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
@@ -4988,8 +5018,8 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u5386\u53f2\u5168\u91cf",
|
||||
"\u5b98\u65b9\u6e90 2",
|
||||
"\u751f\u6001\u6e90 1",
|
||||
"\u5b98\u65b9\u6e90 3",
|
||||
"\u751f\u6001\u6e90 2",
|
||||
"\u7814\u7a76\u6e90 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -5022,11 +5052,11 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u5b98\u65b9\u6765\u6e90",
|
||||
"value": "Adobe Security Bulletins\nNVD Adobe Commerce"
|
||||
"value": "Adobe Security Bulletins\nAdobe Magento Security Index\nNVD Adobe Commerce"
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6001\u6765\u6e90",
|
||||
"value": "Sansec Research"
|
||||
"value": "GHSA Adobe Commerce\nSansec Research"
|
||||
},
|
||||
{
|
||||
"label": "\u7814\u7a76\u6765\u6e90",
|
||||
@@ -5857,15 +5887,15 @@
|
||||
},
|
||||
{
|
||||
"label": "Advisory \u6570",
|
||||
"value": "5"
|
||||
"value": "0"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001\u7c7b\u578b",
|
||||
"value": "1"
|
||||
"value": "0"
|
||||
},
|
||||
{
|
||||
"label": "\u6700\u8fd1\u5931\u8d25",
|
||||
"value": "5"
|
||||
"value": "0"
|
||||
}
|
||||
],
|
||||
"items": [
|
||||
@@ -5873,23 +5903,7 @@
|
||||
"title": "\u72b6\u6001\u5206\u5e03",
|
||||
"summary": "verification_status \u5f53\u524d\u8ba1\u6570\u3002",
|
||||
"open": false,
|
||||
"items": [
|
||||
{
|
||||
"title": "\u4eba\u5de5\u5206\u8bca",
|
||||
"summary": "\u5f53\u524d\u7d2f\u8ba1 5 \u6761\u3002",
|
||||
"open": false,
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u72b6\u6001\u7f16\u7801",
|
||||
"value": "triage-manual"
|
||||
},
|
||||
{
|
||||
"label": "\u6570\u91cf",
|
||||
"value": "5"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"items": []
|
||||
},
|
||||
{
|
||||
"title": "\u6700\u8fd1\u5931\u8d25",
|
||||
@@ -5897,134 +5911,9 @@
|
||||
"open": false,
|
||||
"items": [
|
||||
{
|
||||
"title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "nextjs--CVE-2026-27979"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "nextjs--CVE-2026-27980"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Next.js: HTTP request smuggling in rewrites",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "nextjs--CVE-2026-29057"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Next.js: null origin can bypass Server Actions CSRF checks",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "nextjs--CVE-2026-27978"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "nextjs--CVE-2026-27977"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
"title": "\u6682\u65e0\u5931\u8d25\u6837\u672c",
|
||||
"summary": "\u5f53\u524d summary.json \u4e2d\u6ca1\u6709 recent_failures\u3002",
|
||||
"open": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -43,6 +43,8 @@ const DOC_HUB_ITEMS = [
|
||||
{ title: "仓库入口镜像", href: "/docs/root-readme.html", description: "根 README 的本地镜像,包含能力矩阵与主入口。", badge: "readme" },
|
||||
{ title: "授权模型", href: "/docs/authorization-model.html", description: "目标范围、授权模型、最小化验证建议和记录要求。", badge: "scope" },
|
||||
{ title: "source-map 镜像", href: "/docs/source-map.html", description: "系统覆盖、来源、输出目录和 secure-code 主题真值。", badge: "source-map" },
|
||||
{ title: "source catalog audit", href: "/docs/source-catalog-audit.html", description: "active/retired source、replacement map 与覆盖摘要。", badge: "audit" },
|
||||
{ title: "retired sources", href: "/docs/retired-sources.html", description: "退役源、退役原因和 replacement_sources 真值。", badge: "retired" },
|
||||
{ title: "repro-map 镜像", href: "/docs/repro-map.html", description: "默认漏洞家族、浏览器要求和日志策略真值。", badge: "repro-map" },
|
||||
{ title: "覆盖矩阵镜像", href: "/docs/coverage-matrix.html", description: "当前全库覆盖矩阵的本地镜像。", badge: "coverage" },
|
||||
{ title: "安全编码索引", href: "/docs/secure-code-index.html", description: "secure-code 修复主题索引镜像。", badge: "secure-code" },
|
||||
@@ -52,6 +54,10 @@ const DOC_HUB_ITEMS = [
|
||||
const DATA_HUB_ITEMS = [
|
||||
{ title: "summary.json", href: "/summary.json", description: "全局摘要、状态分布、最近失败与系统汇总。", badge: "json" },
|
||||
{ title: "completeness.json", href: "/data/completeness.json", description: "最新 advisory 完整度、系统/family 进度与 ingest 健康度。", badge: "json" },
|
||||
{ title: "source-health.json", href: "/data/source-health.json", description: "active source 健康度、失败分类与系统分布。", badge: "json" },
|
||||
{ title: "alerts.json", href: "/data/alerts.json", description: "source 告警状态机、failure streak 与 resolved 记录。", badge: "json" },
|
||||
{ title: "monitor-summary.json", href: "/data/monitor-summary.json", description: "每日监控摘要、open alerts 与最近全绿时间。", badge: "json" },
|
||||
{ title: "source-catalog-audit.json", href: "/data/source-catalog-audit.json", description: "source catalog 审计真值与 retired/replacement 关系。", badge: "json" },
|
||||
{ title: "runs.json", href: "/runs.json", description: "最近运行的结构化详情,可用于 UI 和调试。", badge: "json" },
|
||||
{ title: "systems.json", href: "/systems.json", description: "系统级覆盖、分类、更新时间和浏览器证据统计。", badge: "json" },
|
||||
{ title: "advisories.json", href: "/advisories.json", description: "漏洞条目元数据、来源和 secure-code 主题。", badge: "json" },
|
||||
@@ -87,6 +93,9 @@ const state = {
|
||||
profiles: {},
|
||||
architecture: null,
|
||||
completeness: null,
|
||||
sourceHealth: null,
|
||||
alerts: [],
|
||||
monitorSummary: null,
|
||||
selectedRunId: null,
|
||||
selectedArtifact: null,
|
||||
refreshHandle: null,
|
||||
@@ -279,38 +288,41 @@ function familyOptions() {
|
||||
|
||||
function metricCards() {
|
||||
const completeness = state.completeness || state.summary?.completeness || {};
|
||||
const successCount = Number(completeness.verified_real || 0) + Number(completeness.verified_synthetic || 0);
|
||||
const blockedCount = Number(completeness.blocked || 0);
|
||||
const inProgressCount = Number(completeness.manual || 0);
|
||||
const monitoring = state.monitorSummary || state.summary?.monitoring || {};
|
||||
const advisoryTotal = Number(completeness.advisory_total || state.summary?.advisory_count || 0);
|
||||
const advisorySuccess = Number(completeness.verified_real || 0);
|
||||
const activeSources = Number(monitoring.active_source_count || state.sourceHealth?.active_source_count || 0);
|
||||
const greenSources = Number(monitoring.green_source_count || state.sourceHealth?.green_source_count || 0);
|
||||
const openAlerts = Number(monitoring.open_alert_count || state.sourceHealth?.open_alert_count || 0);
|
||||
const lastFullyGreen = monitoring.last_fully_green_run || state.sourceHealth?.last_fully_green_run || "";
|
||||
|
||||
return [
|
||||
{
|
||||
label: "最新 advisory",
|
||||
value: advisoryTotal,
|
||||
label: "advisory 完整度",
|
||||
value: `${advisorySuccess}/${advisoryTotal}`,
|
||||
note: `历史运行 ${state.summary?.run_count || 0} 次`,
|
||||
color: "var(--accent-purple)",
|
||||
color: "var(--accent-green)",
|
||||
iconName: "report"
|
||||
},
|
||||
{
|
||||
label: "实证成功",
|
||||
value: successCount,
|
||||
note: "真实版本 + 合成靶场",
|
||||
color: "var(--accent-green)",
|
||||
label: "active sources",
|
||||
value: activeSources,
|
||||
note: `green ${greenSources}`,
|
||||
color: "var(--accent-blue)",
|
||||
iconName: "shield"
|
||||
},
|
||||
{
|
||||
label: "当前阻塞",
|
||||
value: blockedCount,
|
||||
note: "latest advisory 状态里的 blocked-*",
|
||||
label: "open alerts",
|
||||
value: openAlerts,
|
||||
note: "source-health 告警状态机",
|
||||
color: "var(--accent-red)",
|
||||
iconName: "failure"
|
||||
},
|
||||
{
|
||||
label: "待处理 / 进行中",
|
||||
value: inProgressCount,
|
||||
note: "人工分诊或待补证据的 latest advisory",
|
||||
color: "var(--accent-blue)",
|
||||
label: "最近全绿",
|
||||
value: lastFullyGreen ? formatDateTime(lastFullyGreen) : "-",
|
||||
note: "active source 集合最近一次全绿",
|
||||
color: "var(--accent-purple)",
|
||||
iconName: "timeline"
|
||||
}
|
||||
];
|
||||
@@ -762,6 +774,7 @@ function renderPanel(panelKey, title, meta, iconName, content) {
|
||||
|
||||
function renderCompletenessPanel(panelKey, compact = false) {
|
||||
const completeness = state.completeness || state.summary?.completeness || {};
|
||||
const sourceHealth = state.sourceHealth || completeness.source_health || {};
|
||||
const systems = (state.completeness?.systems || []).map((system) => `
|
||||
<article class="plan-card">
|
||||
<span class="plan-label">${escapeHtml(system.system_id)}</span>
|
||||
@@ -795,12 +808,21 @@ function renderCompletenessPanel(panelKey, compact = false) {
|
||||
<strong>ingest failures</strong>
|
||||
<span>${escapeHtml(state.completeness?.ingest_health?.failure_count || 0)}</span>
|
||||
</article>
|
||||
<article class="detail-stat">
|
||||
<strong>active sources</strong>
|
||||
<span>${escapeHtml(sourceHealth.active_source_count || 0)}</span>
|
||||
</article>
|
||||
<article class="detail-stat">
|
||||
<strong>open alerts</strong>
|
||||
<span>${escapeHtml(sourceHealth.open_alert_count || 0)}</span>
|
||||
</article>
|
||||
</div>
|
||||
<div class="plan-grid" style="margin-top:16px;">${systems || `<div class="empty-state">暂无系统完整度数据。</div>`}</div>
|
||||
${compact ? "" : `
|
||||
<div class="detail-actions" style="margin-top:16px;">
|
||||
<a class="button button-secondary" href="/docs/testing-completeness-report.html" target="_blank" rel="noreferrer">${icon("docs")}<span>打开中文报告</span></a>
|
||||
<a class="button button-secondary" href="/data/completeness.json" target="_blank" rel="noreferrer">${icon("json")}<span>打开 completeness.json</span></a>
|
||||
<a class="button button-secondary" href="/data/source-health.json" target="_blank" rel="noreferrer">${icon("json")}<span>打开 source-health.json</span></a>
|
||||
</div>
|
||||
${failures.length ? `<div class="callout" style="margin-top:16px;"><strong>Ingest 未清零</strong><div class="plan-copy">${escapeHtml(failures.join(" | "))}</div></div>` : ""}
|
||||
`}
|
||||
@@ -808,6 +830,66 @@ function renderCompletenessPanel(panelKey, compact = false) {
|
||||
);
|
||||
}
|
||||
|
||||
function renderSourceHealthPanel(panelKey, compact = false) {
|
||||
const sourceHealth = state.sourceHealth || {};
|
||||
const alerts = state.alerts || [];
|
||||
const failures = (sourceHealth.failures || []).slice(0, 6);
|
||||
const openAlertItems = alerts.filter((item) => item.status === "open");
|
||||
const openAlerts = openAlertItems.slice(0, 6);
|
||||
const failureCards = failures.length
|
||||
? failures.map((item) => `
|
||||
<article class="plan-card">
|
||||
<span class="plan-label">${escapeHtml(item.system_id || "-")} · ${escapeHtml(item.source_name || "-")}</span>
|
||||
<div class="plan-copy">${escapeHtml(item.category || "unknown")} · ${escapeHtml(item.message || item.summary || "-")}</div>
|
||||
</article>
|
||||
`).join("")
|
||||
: `<div class="empty-state">当前 active source 集合全绿。</div>`;
|
||||
const alertCards = openAlerts.length
|
||||
? openAlerts.map((item) => `
|
||||
<article class="plan-card">
|
||||
<span class="plan-label">${escapeHtml(item.system_id || "-")} · ${escapeHtml(item.source_name || "-")}</span>
|
||||
<div class="plan-copy">streak ${escapeHtml(item.failure_streak || 0)} · ${escapeHtml(item.last_category || "-")}</div>
|
||||
</article>
|
||||
`).join("")
|
||||
: `<div class="empty-state">当前没有 open alert。</div>`;
|
||||
return renderPanel(
|
||||
panelKey,
|
||||
"Source Health 与告警",
|
||||
`${escapeHtml(sourceHealth.green_source_count || 0)}/${escapeHtml(sourceHealth.active_source_count || 0)}`,
|
||||
"shield",
|
||||
`
|
||||
<div class="detail-stat-grid">
|
||||
<article class="detail-stat">
|
||||
<strong>green</strong>
|
||||
<span>${escapeHtml(sourceHealth.green_source_count || 0)}</span>
|
||||
</article>
|
||||
<article class="detail-stat">
|
||||
<strong>failures</strong>
|
||||
<span>${escapeHtml(sourceHealth.failure_count || 0)}</span>
|
||||
</article>
|
||||
<article class="detail-stat">
|
||||
<strong>open alerts</strong>
|
||||
<span>${escapeHtml(openAlertItems.length)}</span>
|
||||
</article>
|
||||
<article class="detail-stat">
|
||||
<strong>last fully green</strong>
|
||||
<span>${escapeHtml(sourceHealth.last_fully_green_run ? formatDateTime(sourceHealth.last_fully_green_run) : "-")}</span>
|
||||
</article>
|
||||
</div>
|
||||
${compact ? "" : `
|
||||
<div class="detail-actions" style="margin-top:16px;">
|
||||
<a class="button button-secondary" href="/data/source-health.json" target="_blank" rel="noreferrer">${icon("json")}<span>source-health.json</span></a>
|
||||
<a class="button button-secondary" href="/data/alerts.json" target="_blank" rel="noreferrer">${icon("json")}<span>alerts.json</span></a>
|
||||
<a class="button button-secondary" href="/data/monitor-summary.json" target="_blank" rel="noreferrer">${icon("json")}<span>monitor-summary.json</span></a>
|
||||
<a class="button button-secondary" href="/docs/source-catalog-audit.html" target="_blank" rel="noreferrer">${icon("docs")}<span>source catalog audit</span></a>
|
||||
</div>
|
||||
`}
|
||||
<div class="plan-grid" style="margin-top:16px;">${failureCards}</div>
|
||||
<div class="plan-grid" style="margin-top:16px;">${alertCards}</div>
|
||||
`
|
||||
);
|
||||
}
|
||||
|
||||
function renderArchitectureFields(fields = []) {
|
||||
if (!fields.length) return "";
|
||||
return `
|
||||
@@ -1185,6 +1267,7 @@ function renderOverviewWorkspace() {
|
||||
<div class="detail-subtitle">根入口保留为概览页,同时新增运行、系统、架构、文档和数据的独立 URL。顶部菜单负责分类切换,搜索与筛选会同步到地址栏。</div>
|
||||
</section>
|
||||
${renderCompletenessPanel("overview_completeness")}
|
||||
${renderSourceHealthPanel("overview_source_health")}
|
||||
${renderPanel("overview_runs", "最新运行", `${escapeHtml(runs.length)} 条`, "queue", renderRunList(runs, "暂无运行数据。"))}
|
||||
${renderPanel("overview_systems", "系统覆盖概览", `${escapeHtml(systems.length)} 个系统`, "systems", `<div class="system-grid">${renderSystemCards(systems)}</div>`)}
|
||||
${renderArchitecturePanel()}
|
||||
@@ -1251,6 +1334,7 @@ function renderDocsWorkspace() {
|
||||
<div class="detail-subtitle">不再把所有入口混在首页链接堆里。这里按说明、设计、真值镜像和 secure-code 索引集中展示。</div>
|
||||
</section>
|
||||
${renderCompletenessPanel("docs_completeness", true)}
|
||||
${renderSourceHealthPanel("docs_source_health", true)}
|
||||
${renderPanel("docs_hub", "文档与镜像页", `${escapeHtml(DOC_HUB_ITEMS.length)} 个入口`, "docs", renderHubCards(DOC_HUB_ITEMS))}
|
||||
</div>
|
||||
`;
|
||||
@@ -1272,6 +1356,7 @@ function renderDataWorkspace() {
|
||||
<div class="detail-subtitle">summary、runs、systems、advisories、profiles、architecture 已单独归入数据中心,避免和文档、运行详情混在一个地址里。</div>
|
||||
</section>
|
||||
${renderCompletenessPanel("data_completeness", true)}
|
||||
${renderSourceHealthPanel("data_source_health")}
|
||||
${renderPanel("data_hub", "JSON 与生成数据", `${escapeHtml(DATA_HUB_ITEMS.length)} 个入口`, "json", renderHubCards(DATA_HUB_ITEMS))}
|
||||
</div>
|
||||
`;
|
||||
@@ -1473,14 +1558,17 @@ async function loadData(preserveSelection = true) {
|
||||
renderSyncState("loading", "刷新中", `本地时间 ${new Date().toLocaleTimeString("zh-CN", { hour12: false })}`);
|
||||
|
||||
try {
|
||||
const [summary, runs, systems, advisories, profiles, architecture, completeness] = await Promise.all([
|
||||
const [summary, runs, systems, advisories, profiles, architecture, completeness, sourceHealth, alerts, monitorSummary] = await Promise.all([
|
||||
fetchJson("/summary.json"),
|
||||
fetchJson("/runs.json"),
|
||||
fetchJson("/systems.json"),
|
||||
fetchJson("/advisories.json"),
|
||||
fetchJson("/profiles.json"),
|
||||
fetchJson("/architecture.json"),
|
||||
fetchJson("/data/completeness.json")
|
||||
fetchJson("/data/completeness.json"),
|
||||
fetchJson("/data/source-health.json"),
|
||||
fetchJson("/data/alerts.json"),
|
||||
fetchJson("/data/monitor-summary.json")
|
||||
]);
|
||||
|
||||
state.summary = summary;
|
||||
@@ -1490,6 +1578,9 @@ async function loadData(preserveSelection = true) {
|
||||
state.profiles = profiles;
|
||||
state.architecture = architecture;
|
||||
state.completeness = completeness;
|
||||
state.sourceHealth = sourceHealth;
|
||||
state.alerts = alerts;
|
||||
state.monitorSummary = monitorSummary;
|
||||
|
||||
const filtered = filteredRuns();
|
||||
const candidate = preserveSelection ? (state.selectedRunId || previousRunId) : state.selectedRunId;
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
[]
|
||||
@@ -1,9 +1,7 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T14:45:55+00:00",
|
||||
"advisory_total": 5,
|
||||
"latest_statuses": {
|
||||
"triage-manual": 5
|
||||
},
|
||||
"generated_at": "2026-03-18T17:52:49+00:00",
|
||||
"advisory_total": 0,
|
||||
"latest_statuses": {},
|
||||
"historical_statuses": {
|
||||
"verified-real": 136,
|
||||
"blocked-artifact": 3,
|
||||
@@ -12,76 +10,52 @@
|
||||
"verified_real": 0,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 5,
|
||||
"manual": 0,
|
||||
"verified_ratio": 0.0,
|
||||
"complete": false,
|
||||
"systems": [
|
||||
{
|
||||
"system_id": "nextjs",
|
||||
"display_name": "Next.js",
|
||||
"total": 5,
|
||||
"verified_real": 0,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 5,
|
||||
"families": [
|
||||
{
|
||||
"family": "proxy-boundary",
|
||||
"total": 4,
|
||||
"verified_real": 0,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 4
|
||||
},
|
||||
{
|
||||
"family": "request-smuggling",
|
||||
"total": 1,
|
||||
"verified_real": 0,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 1
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"systems": [],
|
||||
"ingest_health": {
|
||||
"failure_count": 29,
|
||||
"failures": [
|
||||
"drupal::Drupal Security Advisories Site::HTTPError",
|
||||
"discourse::Discourse Meta Security::HTTPError",
|
||||
"adobe-commerce::Adobe Security Bulletins::ConnectionError",
|
||||
"react::GitHub Global Advisories::TypeError",
|
||||
"nextjs::GitHub Global Advisories::AttributeError",
|
||||
"vue::GitHub Global Advisories::HTTPError",
|
||||
"nuxt::GitHub Global Advisories::HTTPError",
|
||||
"vite::GitHub Global Advisories::HTTPError",
|
||||
"angular::GitHub Global Advisories::HTTPError",
|
||||
"sveltekit::GitHub Global Advisories::HTTPError",
|
||||
"astro::GitHub Global Advisories::HTTPError",
|
||||
"express::GitHub Global Advisories::HTTPError",
|
||||
"nestjs::GitHub Global Advisories::HTTPError",
|
||||
"koa::GitHub Global Advisories::HTTPError",
|
||||
"fastify::GitHub Global Advisories::HTTPError",
|
||||
"hapi::GitHub Global Advisories::HTTPError",
|
||||
"undici::GitHub Global Advisories::HTTPError",
|
||||
"webpack::GitHub Global Advisories::HTTPError",
|
||||
"esbuild::GitHub Global Advisories::HTTPError",
|
||||
"spring-framework::GitHub Global Advisories::HTTPError",
|
||||
"spring-security::GitHub Global Advisories::HTTPError",
|
||||
"spring-boot::GitHub Global Advisories::HTTPError",
|
||||
"laravel::GitHub Global Advisories::HTTPError",
|
||||
"symfony::GitHub Global Advisories::HTTPError",
|
||||
"django::Django Security RSS::HTTPError",
|
||||
"flask::GitHub Global Advisories::HTTPError",
|
||||
"werkzeug::GitHub Global Advisories::HTTPError",
|
||||
"rails::GitHub Global Advisories::HTTPError",
|
||||
"haproxy::HAProxy Security Advisories::HTTPError"
|
||||
]
|
||||
"failure_count": 0,
|
||||
"failures": []
|
||||
},
|
||||
"source_health": {
|
||||
"active_source_count": 110,
|
||||
"green_source_count": 110,
|
||||
"failure_count": 0,
|
||||
"last_fully_green_run": "2026-03-18T17:44:31+00:00",
|
||||
"open_alert_count": 0,
|
||||
"resolved_alert_count": 0
|
||||
},
|
||||
"monitor_summary": {
|
||||
"generated_at": "2026-03-18T17:44:31+00:00",
|
||||
"active_source_count": 110,
|
||||
"green_source_count": 110,
|
||||
"source_failure_count": 0,
|
||||
"open_alert_count": 0,
|
||||
"resolved_alert_count": 0,
|
||||
"last_fully_green_run": "2026-03-18T17:44:31+00:00",
|
||||
"source_catalog": {
|
||||
"system_count": 62,
|
||||
"source_count": 146,
|
||||
"retired_source_count": 36
|
||||
},
|
||||
"ingest": {
|
||||
"new_count": 0,
|
||||
"updated_count": 0,
|
||||
"failure_count": 0,
|
||||
"systems_touched": []
|
||||
},
|
||||
"validation": {
|
||||
"passed": true,
|
||||
"error_count": 0,
|
||||
"errors": []
|
||||
}
|
||||
},
|
||||
"historical_blockers": [
|
||||
"Docker daemon unavailable caused provision-compose-environment blocked-artifact.",
|
||||
"Family profiles previously used note-only attack runners and dry-run placeholders.",
|
||||
"Baseline and browser steps were skipped when environment readiness was not enforced.",
|
||||
"Latest completeness now uses one advisory -> latest run semantics instead of historical run piles."
|
||||
"Latest completeness now uses one advisory -> latest run semantics instead of historical run piles.",
|
||||
"Source health now counts only status=active sources; retired sources are audited separately with replacement links."
|
||||
]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T17:44:31+00:00",
|
||||
"active_source_count": 110,
|
||||
"green_source_count": 110,
|
||||
"source_failure_count": 0,
|
||||
"open_alert_count": 0,
|
||||
"resolved_alert_count": 0,
|
||||
"last_fully_green_run": "2026-03-18T17:44:31+00:00",
|
||||
"source_catalog": {
|
||||
"system_count": 62,
|
||||
"source_count": 146,
|
||||
"retired_source_count": 36
|
||||
},
|
||||
"ingest": {
|
||||
"new_count": 0,
|
||||
"updated_count": 0,
|
||||
"failure_count": 0,
|
||||
"systems_touched": []
|
||||
},
|
||||
"validation": {
|
||||
"passed": true,
|
||||
"error_count": 0,
|
||||
"errors": []
|
||||
}
|
||||
}
|
||||
文件差异内容过多而无法显示
加载差异
文件差异内容过多而无法显示
加载差异
@@ -87,7 +87,7 @@
|
||||
<h1>当前架构库镜像</h1>
|
||||
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
|
||||
<pre>{
|
||||
"generated_at": "2026-03-18T14:45:55+00:00",
|
||||
"generated_at": "2026-03-18T17:52:49+00:00",
|
||||
"title": "当前架构库",
|
||||
"summary": "工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。",
|
||||
"sections": [
|
||||
@@ -119,7 +119,7 @@
|
||||
},
|
||||
{
|
||||
"label": "当前漏洞条目",
|
||||
"value": "5"
|
||||
"value": "0"
|
||||
}
|
||||
],
|
||||
"fields": [
|
||||
@@ -137,7 +137,7 @@
|
||||
},
|
||||
{
|
||||
"label": "生成时间",
|
||||
"value": "2026-03-18T14:45:55+00:00"
|
||||
"value": "2026-03-18T17:52:49+00:00"
|
||||
}
|
||||
],
|
||||
"links": [
|
||||
@@ -356,6 +356,16 @@
|
||||
"href": "/docs/source-map.html",
|
||||
"description": "系统覆盖、来源和输出目录真值。"
|
||||
},
|
||||
{
|
||||
"label": "source catalog audit",
|
||||
"href": "/docs/source-catalog-audit.html",
|
||||
"description": "active/retired source 审计、替代关系与覆盖摘要。"
|
||||
},
|
||||
{
|
||||
"label": "retired sources",
|
||||
"href": "/docs/retired-sources.html",
|
||||
"description": "退役源、退役原因与 replacement map。"
|
||||
},
|
||||
{
|
||||
"label": "repro-map 真值",
|
||||
"href": "/docs/repro-map.html",
|
||||
@@ -386,6 +396,21 @@
|
||||
"href": "/data/completeness.json",
|
||||
"description": "最新 advisory 完整度、系统/family 进度与 ingest 健康度。"
|
||||
},
|
||||
{
|
||||
"label": "source-health.json",
|
||||
"href": "/data/source-health.json",
|
||||
"description": "active source 健康度、系统分布与失败分类。"
|
||||
},
|
||||
{
|
||||
"label": "alerts.json",
|
||||
"href": "/data/alerts.json",
|
||||
"description": "source 告警状态机、failure streak 与 resolved 记录。"
|
||||
},
|
||||
{
|
||||
"label": "monitor-summary.json",
|
||||
"href": "/data/monitor-summary.json",
|
||||
"description": "每日监控摘要、open alerts 与最近全绿时间。"
|
||||
},
|
||||
{
|
||||
"label": "runs.json",
|
||||
"href": "/runs.json",
|
||||
@@ -410,6 +435,11 @@
|
||||
"label": "architecture.json",
|
||||
"href": "/architecture.json",
|
||||
"description": "当前架构库结构化 JSON。"
|
||||
},
|
||||
{
|
||||
"label": "source-catalog-audit.json",
|
||||
"href": "/data/source-catalog-audit.json",
|
||||
"description": "source catalog 审计真值与 retired/replacement 关系。"
|
||||
}
|
||||
],
|
||||
"fields": [
|
||||
@@ -572,7 +602,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"官方源 3",
|
||||
"生态源 0",
|
||||
"研究源 0"
|
||||
],
|
||||
@@ -606,7 +636,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "Discourse Meta Security\nGitHub Discourse Advisories"
|
||||
"value": "Discourse Meta Security\nDiscourse Release Notes RSS\nGitHub Discourse Advisories"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
@@ -658,7 +688,7 @@
|
||||
"badges": [
|
||||
"历史全量",
|
||||
"官方源 2",
|
||||
"生态源 1",
|
||||
"生态源 2",
|
||||
"研究源 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -695,7 +725,7 @@
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
"value": "Drupal Security Advisories Site"
|
||||
"value": "Drupal Security Advisories Site\nGHSA Drupal Core"
|
||||
},
|
||||
{
|
||||
"label": "研究来源",
|
||||
@@ -1528,7 +1558,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"官方源 4",
|
||||
"生态源 0",
|
||||
"研究源 0"
|
||||
],
|
||||
@@ -1562,7 +1592,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "Django Security RSS\nOSV Django"
|
||||
"value": "Django Security RSS\nDjango Security Weblog\nDjango Security Releases Archive\nOSV Django"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
@@ -4800,7 +4830,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"官方源 3",
|
||||
"生态源 0",
|
||||
"研究源 0"
|
||||
],
|
||||
@@ -4834,7 +4864,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "HAProxy Security Advisories\nNVD HAProxy"
|
||||
"value": "HAProxy Security Advisories\nHAProxy Blog Feed\nNVD HAProxy"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
@@ -5076,8 +5106,8 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"历史全量",
|
||||
"官方源 2",
|
||||
"生态源 1",
|
||||
"官方源 3",
|
||||
"生态源 2",
|
||||
"研究源 0"
|
||||
],
|
||||
"fields": [
|
||||
@@ -5110,11 +5140,11 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "Adobe Security Bulletins\nNVD Adobe Commerce"
|
||||
"value": "Adobe Security Bulletins\nAdobe Magento Security Index\nNVD Adobe Commerce"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
"value": "Sansec Research"
|
||||
"value": "GHSA Adobe Commerce\nSansec Research"
|
||||
},
|
||||
{
|
||||
"label": "研究来源",
|
||||
@@ -5945,15 +5975,15 @@
|
||||
},
|
||||
{
|
||||
"label": "Advisory 数",
|
||||
"value": "5"
|
||||
"value": "0"
|
||||
},
|
||||
{
|
||||
"label": "状态类型",
|
||||
"value": "1"
|
||||
"value": "0"
|
||||
},
|
||||
{
|
||||
"label": "最近失败",
|
||||
"value": "5"
|
||||
"value": "0"
|
||||
}
|
||||
],
|
||||
"items": [
|
||||
@@ -5961,23 +5991,7 @@
|
||||
"title": "状态分布",
|
||||
"summary": "verification_status 当前计数。",
|
||||
"open": false,
|
||||
"items": [
|
||||
{
|
||||
"title": "人工分诊",
|
||||
"summary": "当前累计 5 条。",
|
||||
"open": false,
|
||||
"fields": [
|
||||
{
|
||||
"label": "状态编码",
|
||||
"value": "triage-manual"
|
||||
},
|
||||
{
|
||||
"label": "数量",
|
||||
"value": "5"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"items": []
|
||||
},
|
||||
{
|
||||
"title": "最近失败",
|
||||
@@ -5985,134 +5999,9 @@
|
||||
"open": false,
|
||||
"items": [
|
||||
{
|
||||
"title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "nextjs--CVE-2026-27979"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "nextjs--CVE-2026-27980"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Next.js: HTTP request smuggling in rewrites",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "nextjs--CVE-2026-29057"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Next.js: null origin can bypass Server Actions CSRF checks",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "nextjs--CVE-2026-27978"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "nextjs--CVE-2026-27977"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
"title": "暂无失败样本",
|
||||
"summary": "当前 summary.json 中没有 recent_failures。",
|
||||
"open": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -125,7 +125,7 @@
|
||||
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `5` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-17T16:31:34.160932Z` |
|
||||
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
|
||||
@@ -0,0 +1,539 @@
|
||||
<!doctype html>
|
||||
<html lang="zh-CN">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>Retired Sources & Replacement Map</title>
|
||||
<style>
|
||||
:root {
|
||||
--bg: #08111f;
|
||||
--panel: rgba(9, 18, 32, 0.9);
|
||||
--border: rgba(137, 171, 214, 0.2);
|
||||
--text: #f7fafc;
|
||||
--muted: #9fb3ca;
|
||||
--accent: #5eead4;
|
||||
}
|
||||
* { box-sizing: border-box; }
|
||||
body {
|
||||
margin: 0;
|
||||
min-height: 100vh;
|
||||
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
|
||||
color: var(--text);
|
||||
background:
|
||||
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
|
||||
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
|
||||
}
|
||||
main {
|
||||
max-width: 1080px;
|
||||
margin: 0 auto;
|
||||
padding: 32px 20px 40px;
|
||||
}
|
||||
.panel {
|
||||
background: var(--panel);
|
||||
border: 1px solid var(--border);
|
||||
border-radius: 20px;
|
||||
padding: 24px;
|
||||
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
|
||||
}
|
||||
.actions {
|
||||
display: flex;
|
||||
flex-wrap: wrap;
|
||||
gap: 12px;
|
||||
margin-bottom: 18px;
|
||||
}
|
||||
.chip {
|
||||
display: inline-flex;
|
||||
align-items: center;
|
||||
gap: 8px;
|
||||
border-radius: 999px;
|
||||
border: 1px solid var(--border);
|
||||
padding: 10px 14px;
|
||||
color: var(--text);
|
||||
background: rgba(255,255,255,0.05);
|
||||
text-decoration: none;
|
||||
}
|
||||
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
|
||||
h1 {
|
||||
margin: 0 0 12px;
|
||||
font-family: "IBM Plex Serif", Georgia, serif;
|
||||
font-size: clamp(1.8rem, 4vw, 3rem);
|
||||
line-height: 1.08;
|
||||
}
|
||||
.meta {
|
||||
color: var(--muted);
|
||||
margin-bottom: 18px;
|
||||
}
|
||||
pre {
|
||||
margin: 0;
|
||||
padding: 20px;
|
||||
overflow: auto;
|
||||
border-radius: 16px;
|
||||
border: 1px solid rgba(137, 171, 214, 0.12);
|
||||
background: rgba(2, 8, 22, 0.84);
|
||||
color: #d6e5f5;
|
||||
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
|
||||
font-size: 0.92rem;
|
||||
line-height: 1.6;
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<main>
|
||||
<div class="panel">
|
||||
<div class="actions">
|
||||
<a class="chip" href="/overview/index.html">返回工作台</a>
|
||||
</div>
|
||||
<h1>Retired Sources & Replacement Map</h1>
|
||||
<div class="meta">工作台内置镜像页:退役源、退役原因和 replacement_sources 真值。</div>
|
||||
<pre>[
|
||||
{
|
||||
"system_id": "adobe-commerce",
|
||||
"display_name": "Adobe Commerce",
|
||||
"source_name": "Adobe Security Bulletins",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.",
|
||||
"replacement_sources": [
|
||||
"Adobe Magento Security Index",
|
||||
"NVD Adobe Commerce",
|
||||
"GHSA Adobe Commerce"
|
||||
],
|
||||
"url": "https://helpx.adobe.com/security/products/magento.html"
|
||||
},
|
||||
{
|
||||
"system_id": "adobe-commerce",
|
||||
"display_name": "Adobe Commerce",
|
||||
"source_name": "GHSA Adobe Commerce",
|
||||
"bucket": "ecosystem_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"Adobe Magento Security Index",
|
||||
"NVD Adobe Commerce"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "adobe-commerce",
|
||||
"display_name": "Adobe Commerce",
|
||||
"source_name": "Sansec Research",
|
||||
"bucket": "ecosystem_sources",
|
||||
"kind": "vendor-index",
|
||||
"retired_reason": "Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.",
|
||||
"replacement_sources": [
|
||||
"GHSA Adobe Commerce",
|
||||
"Adobe Magento Security Index"
|
||||
],
|
||||
"url": "https://sansec.io/research"
|
||||
},
|
||||
{
|
||||
"system_id": "angular",
|
||||
"display_name": "Angular",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Angular"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "astro",
|
||||
"display_name": "Astro",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Astro"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "discourse",
|
||||
"display_name": "Discourse",
|
||||
"source_name": "Discourse Meta Security",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Meta security category HTML changed and no longer provides stable scrape semantics for health checks.",
|
||||
"replacement_sources": [
|
||||
"Discourse Release Notes RSS",
|
||||
"GitHub Discourse Advisories"
|
||||
],
|
||||
"url": "https://meta.discourse.org/c/bug/security/40"
|
||||
},
|
||||
{
|
||||
"system_id": "discourse",
|
||||
"display_name": "Discourse",
|
||||
"source_name": "GitHub Discourse Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.",
|
||||
"replacement_sources": [
|
||||
"Discourse Release Notes RSS"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "django",
|
||||
"display_name": "Django",
|
||||
"source_name": "Django Security RSS",
|
||||
"bucket": "official_sources",
|
||||
"kind": "rss-feed",
|
||||
"retired_reason": "Official security tag feed became unstable; use official weblog index and release archive instead.",
|
||||
"replacement_sources": [
|
||||
"Django Security Weblog",
|
||||
"Django Security Releases Archive"
|
||||
],
|
||||
"url": "https://www.djangoproject.com/weblog/feeds/tags/security/"
|
||||
},
|
||||
{
|
||||
"system_id": "drupal",
|
||||
"display_name": "Drupal",
|
||||
"source_name": "Drupal Security Advisories Site",
|
||||
"bucket": "ecosystem_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.",
|
||||
"replacement_sources": [
|
||||
"Drupal Security Advisories RSS",
|
||||
"GHSA Drupal Core"
|
||||
],
|
||||
"url": "https://www.drupal.org/security"
|
||||
},
|
||||
{
|
||||
"system_id": "drupal",
|
||||
"display_name": "Drupal",
|
||||
"source_name": "GHSA Drupal Core",
|
||||
"bucket": "ecosystem_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"Drupal Security Advisories RSS",
|
||||
"NVD Drupal"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "esbuild",
|
||||
"display_name": "esbuild",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV esbuild"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "express",
|
||||
"display_name": "Express",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Express"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "fastify",
|
||||
"display_name": "Fastify",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Fastify"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "flask",
|
||||
"display_name": "Flask",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.",
|
||||
"replacement_sources": [
|
||||
"OSV Flask"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "hapi",
|
||||
"display_name": "Hapi",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Hapi"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "haproxy",
|
||||
"display_name": "HAProxy",
|
||||
"source_name": "HAProxy Security Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Legacy haproxy.org security page no longer yields stable scrape results for monitoring.",
|
||||
"replacement_sources": [
|
||||
"HAProxy Blog Feed"
|
||||
],
|
||||
"url": "https://www.haproxy.org/security/"
|
||||
},
|
||||
{
|
||||
"system_id": "koa",
|
||||
"display_name": "Koa",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Koa"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "laravel",
|
||||
"display_name": "Laravel",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.",
|
||||
"replacement_sources": [
|
||||
"OSV Laravel"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "mattermost",
|
||||
"display_name": "Mattermost",
|
||||
"source_name": "Mattermost Security Updates",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.",
|
||||
"replacement_sources": [
|
||||
"NVD Mattermost"
|
||||
],
|
||||
"url": "https://mattermost.com/security-updates/"
|
||||
},
|
||||
{
|
||||
"system_id": "mediawiki",
|
||||
"display_name": "MediaWiki",
|
||||
"source_name": "MediaWiki Security Releases",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.",
|
||||
"replacement_sources": [
|
||||
"NVD MediaWiki"
|
||||
],
|
||||
"url": "https://www.mediawiki.org/wiki/Security"
|
||||
},
|
||||
{
|
||||
"system_id": "moodle",
|
||||
"display_name": "Moodle",
|
||||
"source_name": "Moodle Security News",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.",
|
||||
"replacement_sources": [
|
||||
"NVD Moodle"
|
||||
],
|
||||
"url": "https://moodle.org/security/"
|
||||
},
|
||||
{
|
||||
"system_id": "nestjs",
|
||||
"display_name": "NestJS",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV NestJS"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "nextjs",
|
||||
"display_name": "Next.js",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"GitHub Next.js Advisories",
|
||||
"OSV Next.js"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "nuxt",
|
||||
"display_name": "Nuxt",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"Nuxt Security",
|
||||
"OSV Nuxt"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "rails",
|
||||
"display_name": "Ruby on Rails",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.",
|
||||
"replacement_sources": [
|
||||
"OSV Rails"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "react",
|
||||
"display_name": "React",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"GitHub React Advisories",
|
||||
"OSV React"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "spring-boot",
|
||||
"display_name": "Spring Boot",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "spring-framework",
|
||||
"display_name": "Spring Framework",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "spring-security",
|
||||
"display_name": "Spring Security",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "sveltekit",
|
||||
"display_name": "SvelteKit",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV SvelteKit"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "symfony",
|
||||
"display_name": "Symfony",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.",
|
||||
"replacement_sources": [
|
||||
"OSV Symfony"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "undici",
|
||||
"display_name": "Undici",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Undici"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "vite",
|
||||
"display_name": "Vite",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"Vite Security",
|
||||
"OSV Vite"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "vue",
|
||||
"display_name": "Vue",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"Vue Security",
|
||||
"OSV Vue"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "webpack",
|
||||
"display_name": "webpack",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV webpack"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "werkzeug",
|
||||
"display_name": "Werkzeug",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.",
|
||||
"replacement_sources": [
|
||||
"OSV Werkzeug"
|
||||
],
|
||||
"url": ""
|
||||
}
|
||||
]</pre>
|
||||
</div>
|
||||
</main>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,141 @@
|
||||
<!doctype html>
|
||||
<html lang="zh-CN">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>Source Catalog Audit</title>
|
||||
<style>
|
||||
:root {
|
||||
--bg: #08111f;
|
||||
--panel: rgba(9, 18, 32, 0.9);
|
||||
--border: rgba(137, 171, 214, 0.2);
|
||||
--text: #f7fafc;
|
||||
--muted: #9fb3ca;
|
||||
--accent: #5eead4;
|
||||
}
|
||||
* { box-sizing: border-box; }
|
||||
body {
|
||||
margin: 0;
|
||||
min-height: 100vh;
|
||||
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
|
||||
color: var(--text);
|
||||
background:
|
||||
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
|
||||
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
|
||||
}
|
||||
main {
|
||||
max-width: 1080px;
|
||||
margin: 0 auto;
|
||||
padding: 32px 20px 40px;
|
||||
}
|
||||
.panel {
|
||||
background: var(--panel);
|
||||
border: 1px solid var(--border);
|
||||
border-radius: 20px;
|
||||
padding: 24px;
|
||||
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
|
||||
}
|
||||
.actions {
|
||||
display: flex;
|
||||
flex-wrap: wrap;
|
||||
gap: 12px;
|
||||
margin-bottom: 18px;
|
||||
}
|
||||
.chip {
|
||||
display: inline-flex;
|
||||
align-items: center;
|
||||
gap: 8px;
|
||||
border-radius: 999px;
|
||||
border: 1px solid var(--border);
|
||||
padding: 10px 14px;
|
||||
color: var(--text);
|
||||
background: rgba(255,255,255,0.05);
|
||||
text-decoration: none;
|
||||
}
|
||||
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
|
||||
h1 {
|
||||
margin: 0 0 12px;
|
||||
font-family: "IBM Plex Serif", Georgia, serif;
|
||||
font-size: clamp(1.8rem, 4vw, 3rem);
|
||||
line-height: 1.08;
|
||||
}
|
||||
.meta {
|
||||
color: var(--muted);
|
||||
margin-bottom: 18px;
|
||||
}
|
||||
pre {
|
||||
margin: 0;
|
||||
padding: 20px;
|
||||
overflow: auto;
|
||||
border-radius: 16px;
|
||||
border: 1px solid rgba(137, 171, 214, 0.12);
|
||||
background: rgba(2, 8, 22, 0.84);
|
||||
color: #d6e5f5;
|
||||
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
|
||||
font-size: 0.92rem;
|
||||
line-height: 1.6;
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<main>
|
||||
<div class="panel">
|
||||
<div class="actions">
|
||||
<a class="chip" href="/overview/index.html">返回工作台</a>
|
||||
</div>
|
||||
<h1>Source Catalog Audit</h1>
|
||||
<div class="meta">工作台内置镜像页:active/retired source、replacement map 与覆盖摘要。</div>
|
||||
<pre># Source Catalog Audit
|
||||
|
||||
- generated_at: `2026-03-18T17:41:42+00:00`
|
||||
- systems: `62`
|
||||
- sources: `146`
|
||||
- active_sources: `110`
|
||||
- retired_sources: `36`
|
||||
- systems_with_active_official: `62/62`
|
||||
- systems_with_machine_readable_source: `57/62`
|
||||
|
||||
## Retired Sources
|
||||
|
||||
- `adobe-commerce` `Adobe Security Bulletins` -> replacements: `Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce` | reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
|
||||
- `adobe-commerce` `GHSA Adobe Commerce` -> replacements: `Adobe Magento Security Index, NVD Adobe Commerce` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
|
||||
- `adobe-commerce` `Sansec Research` -> replacements: `GHSA Adobe Commerce, Adobe Magento Security Index` | reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
|
||||
- `angular` `GitHub Global Advisories` -> replacements: `OSV Angular` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
|
||||
- `astro` `GitHub Global Advisories` -> replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
|
||||
- `discourse` `Discourse Meta Security` -> replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
|
||||
- `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
|
||||
- `django` `Django Security RSS` -> replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
|
||||
- `drupal` `Drupal Security Advisories Site` -> replacements: `Drupal Security Advisories RSS, GHSA Drupal Core` | reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
|
||||
- `drupal` `GHSA Drupal Core` -> replacements: `Drupal Security Advisories RSS, NVD Drupal` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
|
||||
- `esbuild` `GitHub Global Advisories` -> replacements: `OSV esbuild` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
|
||||
- `express` `GitHub Global Advisories` -> replacements: `OSV Express` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
|
||||
- `fastify` `GitHub Global Advisories` -> replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
|
||||
- `flask` `GitHub Global Advisories` -> replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
|
||||
- `hapi` `GitHub Global Advisories` -> replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
|
||||
- `haproxy` `HAProxy Security Advisories` -> replacements: `HAProxy Blog Feed` | reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
|
||||
- `koa` `GitHub Global Advisories` -> replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
|
||||
- `laravel` `GitHub Global Advisories` -> replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
|
||||
- `mattermost` `Mattermost Security Updates` -> replacements: `NVD Mattermost` | reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
- `mediawiki` `MediaWiki Security Releases` -> replacements: `NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
|
||||
- `moodle` `Moodle Security News` -> replacements: `NVD Moodle` | reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
- `nestjs` `GitHub Global Advisories` -> replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
|
||||
- `nextjs` `GitHub Global Advisories` -> replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
|
||||
- `nuxt` `GitHub Global Advisories` -> replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
|
||||
- `rails` `GitHub Global Advisories` -> replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
|
||||
- `react` `GitHub Global Advisories` -> replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
|
||||
- `spring-boot` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
|
||||
- `spring-framework` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.
|
||||
- `spring-security` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
|
||||
- `sveltekit` `GitHub Global Advisories` -> replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
|
||||
- `symfony` `GitHub Global Advisories` -> replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
|
||||
- `undici` `GitHub Global Advisories` -> replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
|
||||
- `vite` `GitHub Global Advisories` -> replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
|
||||
- `vue` `GitHub Global Advisories` -> replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
|
||||
- `webpack` `GitHub Global Advisories` -> replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
|
||||
- `werkzeug` `GitHub Global Advisories` -> replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
|
||||
</pre>
|
||||
</div>
|
||||
</main>
|
||||
</body>
|
||||
</html>
|
||||
@@ -174,6 +174,17 @@ systems:
|
||||
advisory_mode: module
|
||||
keywords: [drupal, module, sa-contrib]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
|
||||
replacement_sources: [Drupal Security Advisories RSS, GHSA Drupal Core]
|
||||
- name: GHSA Drupal Core
|
||||
kind: ghsa-global
|
||||
ecosystem: composer
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
|
||||
replacement_sources: [Drupal Security Advisories RSS, NVD Drupal]
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: composer
|
||||
@@ -325,6 +336,9 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [mediawiki, security]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
|
||||
replacement_sources: [NVD MediaWiki]
|
||||
- name: NVD MediaWiki
|
||||
kind: nvd-search
|
||||
keyword: MediaWiki
|
||||
@@ -355,6 +369,9 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [moodle, security]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
replacement_sources: [NVD Moodle]
|
||||
- name: NVD Moodle
|
||||
kind: nvd-search
|
||||
keyword: Moodle
|
||||
@@ -385,13 +402,24 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [discourse, security]
|
||||
max_items: 50
|
||||
- name: GitHub Discourse Advisories
|
||||
kind: html-links
|
||||
url: https://github.com/discourse/discourse/security/advisories
|
||||
status: retired
|
||||
retired_reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
|
||||
replacement_sources: [Discourse Release Notes RSS, GitHub Discourse Advisories]
|
||||
- name: Discourse Release Notes RSS
|
||||
kind: rss-feed
|
||||
url: https://meta.discourse.org/tag/release-notes.rss
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [discourse]
|
||||
max_items: 50
|
||||
keywords: [discourse, security, cve]
|
||||
max_items: 60
|
||||
- name: GitHub Discourse Advisories
|
||||
kind: ghsa-global
|
||||
ecosystem: rubygems
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
|
||||
replacement_sources: [Discourse Release Notes RSS]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -418,6 +446,24 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [adobe commerce, magento, apsb]
|
||||
max_items: 60
|
||||
status: retired
|
||||
retired_reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
|
||||
replacement_sources: [Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce]
|
||||
- name: Adobe Magento Security Index
|
||||
kind: vendor-index
|
||||
url: https://helpx.adobe.com/security/products/magento.html
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [adobe commerce, magento, apsb, security]
|
||||
max_items: 60
|
||||
request_policy:
|
||||
user_agent: python-requests/2.31.0
|
||||
timeout_seconds: 45
|
||||
verify_tls: false
|
||||
http_version: "1.1"
|
||||
parser_hints:
|
||||
keywords: [adobe commerce, magento, apsb, security]
|
||||
include_url_patterns: [magento, security, APSB]
|
||||
- name: NVD Adobe Commerce
|
||||
kind: nvd-search
|
||||
keyword: Adobe Commerce
|
||||
@@ -425,13 +471,24 @@ systems:
|
||||
advisory_mode: core
|
||||
results_per_page: 50
|
||||
ecosystem_sources:
|
||||
- name: GHSA Adobe Commerce
|
||||
kind: ghsa-global
|
||||
ecosystem: composer
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
|
||||
replacement_sources: [Adobe Magento Security Index, NVD Adobe Commerce]
|
||||
- name: Sansec Research
|
||||
kind: html-links
|
||||
kind: vendor-index
|
||||
url: https://sansec.io/research
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: extension
|
||||
keywords: [magento, adobe commerce]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
|
||||
replacement_sources: [GHSA Adobe Commerce, Adobe Magento Security Index]
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: composer
|
||||
@@ -757,6 +814,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
|
||||
replacement_sources: [GitHub React Advisories, OSV React]
|
||||
- name: OSV React
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -795,6 +855,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
|
||||
replacement_sources: [GitHub Next.js Advisories, OSV Next.js]
|
||||
- name: OSV Next.js
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -831,6 +894,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
|
||||
replacement_sources: [Vue Security, OSV Vue]
|
||||
- name: OSV Vue
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -869,6 +935,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
|
||||
replacement_sources: [Nuxt Security, OSV Nuxt]
|
||||
- name: OSV Nuxt
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -905,6 +974,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
|
||||
replacement_sources: [Vite Security, OSV Vite]
|
||||
- name: OSV Vite
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -934,6 +1006,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
|
||||
replacement_sources: [OSV Angular]
|
||||
- name: OSV Angular
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -965,6 +1040,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
|
||||
replacement_sources: [OSV SvelteKit]
|
||||
- name: OSV SvelteKit
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -994,6 +1072,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
|
||||
replacement_sources: [OSV Astro]
|
||||
- name: OSV Astro
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1023,6 +1104,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
|
||||
replacement_sources: [OSV Express]
|
||||
- name: OSV Express
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1052,6 +1136,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
|
||||
replacement_sources: [OSV NestJS]
|
||||
- name: OSV NestJS
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1081,6 +1168,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
|
||||
replacement_sources: [OSV Koa]
|
||||
- name: OSV Koa
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1110,6 +1200,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
|
||||
replacement_sources: [OSV Fastify]
|
||||
- name: OSV Fastify
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1139,6 +1232,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
|
||||
replacement_sources: [OSV Hapi]
|
||||
- name: OSV Hapi
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1198,6 +1294,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
|
||||
replacement_sources: [OSV Undici]
|
||||
- name: OSV Undici
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1227,6 +1326,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
|
||||
replacement_sources: [OSV webpack]
|
||||
- name: OSV webpack
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1256,6 +1358,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
|
||||
replacement_sources: [OSV esbuild]
|
||||
- name: OSV esbuild
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1292,6 +1397,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.
|
||||
replacement_sources: [Spring Security Advisories]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -1326,6 +1434,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
|
||||
replacement_sources: [Spring Security Advisories]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -1358,6 +1469,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
|
||||
replacement_sources: [Spring Security Advisories]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -1383,6 +1497,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
|
||||
replacement_sources: [OSV Laravel]
|
||||
- name: OSV Laravel
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1412,6 +1529,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
|
||||
replacement_sources: [OSV Symfony]
|
||||
- name: OSV Symfony
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1444,6 +1564,29 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [django]
|
||||
max_items: 60
|
||||
status: retired
|
||||
retired_reason: Official security tag feed became unstable; use official weblog index and release archive instead.
|
||||
replacement_sources: [Django Security Weblog, Django Security Releases Archive]
|
||||
- name: Django Security Weblog
|
||||
kind: vendor-index
|
||||
url: https://www.djangoproject.com/weblog/
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [django, security, release]
|
||||
max_items: 60
|
||||
parser_hints:
|
||||
keywords: [django, security, release]
|
||||
include_url_patterns: [/weblog/]
|
||||
- name: Django Security Releases Archive
|
||||
kind: vendor-index
|
||||
url: https://docs.djangoproject.com/en/dev/releases/security/
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [django, security]
|
||||
max_items: 40
|
||||
parser_hints:
|
||||
keywords: [django, security]
|
||||
include_url_patterns: [/releases/security/]
|
||||
- name: OSV Django
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1477,6 +1620,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
|
||||
replacement_sources: [OSV Flask]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -1506,6 +1652,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
|
||||
replacement_sources: [OSV Werkzeug]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -1531,6 +1680,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
|
||||
replacement_sources: [OSV Rails]
|
||||
- name: OSV Rails
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1798,6 +1950,16 @@ systems:
|
||||
advisory_mode: server
|
||||
keywords: [haproxy, security]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
|
||||
replacement_sources: [HAProxy Blog Feed]
|
||||
- name: HAProxy Blog Feed
|
||||
kind: rss-feed
|
||||
url: https://www.haproxy.com/feed/
|
||||
confidence: official
|
||||
advisory_mode: server
|
||||
keywords: [haproxy, security, cve]
|
||||
max_items: 40
|
||||
- name: NVD HAProxy
|
||||
kind: nvd-search
|
||||
keyword: HAProxy
|
||||
@@ -2041,6 +2203,9 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [mattermost]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
replacement_sources: [NVD Mattermost]
|
||||
- name: NVD Mattermost
|
||||
kind: nvd-search
|
||||
keyword: Mattermost
|
||||
|
||||
@@ -88,18 +88,20 @@
|
||||
<div class="meta">工作台内置镜像页:89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
|
||||
<pre># 全库 Advisory 完整度报告
|
||||
|
||||
- 生成时间: `2026-03-18T14:45:55+00:00`
|
||||
- 最新 advisory 完整度: `0/5` `verified-real`
|
||||
- 生成时间: `2026-03-18T17:52:49+00:00`
|
||||
- 最新 advisory 完整度: `0/0` `verified-real`
|
||||
- 合成验证数量: `0`
|
||||
- 阻塞数量: `0`
|
||||
- 人工/待补证据数量: `5`
|
||||
- 人工/待补证据数量: `0`
|
||||
- 完整度百分比: `0.0%`
|
||||
- active source 全绿: `110/110`
|
||||
- source open alerts: `0`
|
||||
- 最近一次 source 全绿: `2026-03-18T17:44:31+00:00`
|
||||
|
||||
## 系统覆盖矩阵
|
||||
|
||||
| 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 |
|
||||
| --- | ---: | ---: | ---: | ---: | ---: | --- |
|
||||
| nextjs | 5 | 0 | 0 | 0 | 5 | proxy-boundary(0/4), request-smuggling(0/1) |
|
||||
|
||||
## 历史阻塞项修复纪要
|
||||
|
||||
@@ -107,39 +109,14 @@
|
||||
- Family profiles previously used note-only attack runners and dry-run placeholders.
|
||||
- Baseline and browser steps were skipped when environment readiness was not enforced.
|
||||
- Latest completeness now uses one advisory -> latest run semantics instead of historical run piles.
|
||||
- Source health now counts only status=active sources; retired sources are audited separately with replacement links.
|
||||
|
||||
## Ingest / Source 健康度
|
||||
|
||||
- source failures: `29`
|
||||
- drupal::Drupal Security Advisories Site::HTTPError
|
||||
- discourse::Discourse Meta Security::HTTPError
|
||||
- adobe-commerce::Adobe Security Bulletins::ConnectionError
|
||||
- react::GitHub Global Advisories::TypeError
|
||||
- nextjs::GitHub Global Advisories::AttributeError
|
||||
- vue::GitHub Global Advisories::HTTPError
|
||||
- nuxt::GitHub Global Advisories::HTTPError
|
||||
- vite::GitHub Global Advisories::HTTPError
|
||||
- angular::GitHub Global Advisories::HTTPError
|
||||
- sveltekit::GitHub Global Advisories::HTTPError
|
||||
- astro::GitHub Global Advisories::HTTPError
|
||||
- express::GitHub Global Advisories::HTTPError
|
||||
- nestjs::GitHub Global Advisories::HTTPError
|
||||
- koa::GitHub Global Advisories::HTTPError
|
||||
- fastify::GitHub Global Advisories::HTTPError
|
||||
- hapi::GitHub Global Advisories::HTTPError
|
||||
- undici::GitHub Global Advisories::HTTPError
|
||||
- webpack::GitHub Global Advisories::HTTPError
|
||||
- esbuild::GitHub Global Advisories::HTTPError
|
||||
- spring-framework::GitHub Global Advisories::HTTPError
|
||||
- spring-security::GitHub Global Advisories::HTTPError
|
||||
- spring-boot::GitHub Global Advisories::HTTPError
|
||||
- laravel::GitHub Global Advisories::HTTPError
|
||||
- symfony::GitHub Global Advisories::HTTPError
|
||||
- django::Django Security RSS::HTTPError
|
||||
- flask::GitHub Global Advisories::HTTPError
|
||||
- werkzeug::GitHub Global Advisories::HTTPError
|
||||
- rails::GitHub Global Advisories::HTTPError
|
||||
- haproxy::HAProxy Security Advisories::HTTPError
|
||||
- source failures: `0`
|
||||
- active sources: `110`
|
||||
- green sources: `110`
|
||||
- open alerts: `0`
|
||||
|
||||
## 剩余风险说明
|
||||
|
||||
|
||||
@@ -1,90 +1,32 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T14:45:55+00:00",
|
||||
"advisory_count": 5,
|
||||
"generated_at": "2026-03-18T17:52:49+00:00",
|
||||
"advisory_count": 0,
|
||||
"run_count": 140,
|
||||
"statuses": {
|
||||
"triage-manual": 5
|
||||
},
|
||||
"statuses": {},
|
||||
"run_statuses": {
|
||||
"verified-real": 136,
|
||||
"blocked-artifact": 3,
|
||||
"triage-manual": 1
|
||||
},
|
||||
"recent_failures": [
|
||||
{
|
||||
"run_id": null,
|
||||
"advisory_id": "nextjs--CVE-2026-27979",
|
||||
"status": "triage-manual",
|
||||
"title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": null,
|
||||
"advisory_id": "nextjs--CVE-2026-27980",
|
||||
"status": "triage-manual",
|
||||
"title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": null,
|
||||
"advisory_id": "nextjs--CVE-2026-29057",
|
||||
"status": "triage-manual",
|
||||
"title": "Next.js: HTTP request smuggling in rewrites",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": null,
|
||||
"advisory_id": "nextjs--CVE-2026-27978",
|
||||
"status": "triage-manual",
|
||||
"title": "Next.js: null origin can bypass Server Actions CSRF checks",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": null,
|
||||
"advisory_id": "nextjs--CVE-2026-27977",
|
||||
"status": "triage-manual",
|
||||
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
|
||||
"blocked_reason": null
|
||||
}
|
||||
],
|
||||
"systems": [
|
||||
{
|
||||
"system_id": "nextjs",
|
||||
"display_name": "Next.js",
|
||||
"total": 5,
|
||||
"verified_real": 0,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 5,
|
||||
"browser_required": 0,
|
||||
"browser_present": 0,
|
||||
"latest_update": "2026-03-17T16:31:34.160932Z",
|
||||
"category": "frameworks",
|
||||
"tier": "history-full",
|
||||
"output_dir": "07-framework-security/frameworks/nextjs",
|
||||
"families": [
|
||||
{
|
||||
"family": "proxy-boundary",
|
||||
"total": 4,
|
||||
"verified_real": 0,
|
||||
"manual": 4
|
||||
},
|
||||
{
|
||||
"family": "request-smuggling",
|
||||
"total": 1,
|
||||
"verified_real": 0,
|
||||
"manual": 1
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"recent_failures": [],
|
||||
"monitoring": {
|
||||
"active_source_count": 110,
|
||||
"green_source_count": 110,
|
||||
"source_failure_count": 0,
|
||||
"open_alert_count": 0,
|
||||
"last_fully_green_run": "2026-03-18T17:44:31+00:00"
|
||||
},
|
||||
"systems": [],
|
||||
"completeness": {
|
||||
"advisory_total": 5,
|
||||
"advisory_total": 0,
|
||||
"verified_real": 0,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 5,
|
||||
"manual": 0,
|
||||
"verified_ratio": 0.0,
|
||||
"complete": false
|
||||
"complete": false,
|
||||
"source_failure_count": 0,
|
||||
"active_source_count": 110,
|
||||
"open_alert_count": 0
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,31 +1 @@
|
||||
[
|
||||
{
|
||||
"system_id": "nextjs",
|
||||
"display_name": "Next.js",
|
||||
"total": 5,
|
||||
"verified_real": 0,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 5,
|
||||
"browser_required": 0,
|
||||
"browser_present": 0,
|
||||
"latest_update": "2026-03-17T16:31:34.160932Z",
|
||||
"category": "frameworks",
|
||||
"tier": "history-full",
|
||||
"output_dir": "07-framework-security/frameworks/nextjs",
|
||||
"families": [
|
||||
{
|
||||
"family": "proxy-boundary",
|
||||
"total": 4,
|
||||
"verified_real": 0,
|
||||
"manual": 4
|
||||
},
|
||||
{
|
||||
"family": "request-smuggling",
|
||||
"total": 1,
|
||||
"verified_real": 0,
|
||||
"manual": 1
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
[]
|
||||
|
||||
@@ -1,43 +1,11 @@
|
||||
# 最新同步摘要
|
||||
|
||||
- 渲染时间: `2026-03-18T14:45:54+00:00`
|
||||
- 渲染时间: `2026-03-18T17:52:48+00:00`
|
||||
- 系统数量: `62`
|
||||
- Advisory 数量: `5`
|
||||
- 重点 Markdown 数量: `5`
|
||||
- Advisory 数量: `0`
|
||||
- 重点 Markdown 数量: `0`
|
||||
- Run Bundle 数量: `89`
|
||||
- 新增记录: `5`
|
||||
- 新增记录: `0`
|
||||
- 更新记录: `0`
|
||||
- Triage 数量: `0`
|
||||
- 失败的 source adapter: `29`
|
||||
|
||||
## 失败列表
|
||||
|
||||
- drupal::Drupal Security Advisories Site::HTTPError
|
||||
- discourse::Discourse Meta Security::HTTPError
|
||||
- adobe-commerce::Adobe Security Bulletins::ConnectionError
|
||||
- react::GitHub Global Advisories::TypeError
|
||||
- nextjs::GitHub Global Advisories::AttributeError
|
||||
- vue::GitHub Global Advisories::HTTPError
|
||||
- nuxt::GitHub Global Advisories::HTTPError
|
||||
- vite::GitHub Global Advisories::HTTPError
|
||||
- angular::GitHub Global Advisories::HTTPError
|
||||
- sveltekit::GitHub Global Advisories::HTTPError
|
||||
- astro::GitHub Global Advisories::HTTPError
|
||||
- express::GitHub Global Advisories::HTTPError
|
||||
- nestjs::GitHub Global Advisories::HTTPError
|
||||
- koa::GitHub Global Advisories::HTTPError
|
||||
- fastify::GitHub Global Advisories::HTTPError
|
||||
- hapi::GitHub Global Advisories::HTTPError
|
||||
- undici::GitHub Global Advisories::HTTPError
|
||||
- webpack::GitHub Global Advisories::HTTPError
|
||||
- esbuild::GitHub Global Advisories::HTTPError
|
||||
- spring-framework::GitHub Global Advisories::HTTPError
|
||||
- spring-security::GitHub Global Advisories::HTTPError
|
||||
- spring-boot::GitHub Global Advisories::HTTPError
|
||||
- laravel::GitHub Global Advisories::HTTPError
|
||||
- symfony::GitHub Global Advisories::HTTPError
|
||||
- django::Django Security RSS::HTTPError
|
||||
- flask::GitHub Global Advisories::HTTPError
|
||||
- werkzeug::GitHub Global Advisories::HTTPError
|
||||
- rails::GitHub Global Advisories::HTTPError
|
||||
- haproxy::HAProxy Security Advisories::HTTPError
|
||||
- 失败的 source adapter: `0`
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T17:44:31+00:00",
|
||||
"active_source_count": 110,
|
||||
"green_source_count": 110,
|
||||
"source_failure_count": 0,
|
||||
"open_alert_count": 0,
|
||||
"resolved_alert_count": 0,
|
||||
"last_fully_green_run": "2026-03-18T17:44:31+00:00",
|
||||
"source_catalog": {
|
||||
"system_count": 62,
|
||||
"source_count": 146,
|
||||
"retired_source_count": 36
|
||||
},
|
||||
"ingest": {
|
||||
"new_count": 0,
|
||||
"updated_count": 0,
|
||||
"failure_count": 0,
|
||||
"systems_touched": []
|
||||
},
|
||||
"validation": {
|
||||
"passed": true,
|
||||
"error_count": 0,
|
||||
"errors": []
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,447 @@
|
||||
[
|
||||
{
|
||||
"system_id": "adobe-commerce",
|
||||
"display_name": "Adobe Commerce",
|
||||
"source_name": "Adobe Security Bulletins",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.",
|
||||
"replacement_sources": [
|
||||
"Adobe Magento Security Index",
|
||||
"NVD Adobe Commerce",
|
||||
"GHSA Adobe Commerce"
|
||||
],
|
||||
"url": "https://helpx.adobe.com/security/products/magento.html"
|
||||
},
|
||||
{
|
||||
"system_id": "adobe-commerce",
|
||||
"display_name": "Adobe Commerce",
|
||||
"source_name": "GHSA Adobe Commerce",
|
||||
"bucket": "ecosystem_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"Adobe Magento Security Index",
|
||||
"NVD Adobe Commerce"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "adobe-commerce",
|
||||
"display_name": "Adobe Commerce",
|
||||
"source_name": "Sansec Research",
|
||||
"bucket": "ecosystem_sources",
|
||||
"kind": "vendor-index",
|
||||
"retired_reason": "Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.",
|
||||
"replacement_sources": [
|
||||
"GHSA Adobe Commerce",
|
||||
"Adobe Magento Security Index"
|
||||
],
|
||||
"url": "https://sansec.io/research"
|
||||
},
|
||||
{
|
||||
"system_id": "angular",
|
||||
"display_name": "Angular",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Angular"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "astro",
|
||||
"display_name": "Astro",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Astro"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "discourse",
|
||||
"display_name": "Discourse",
|
||||
"source_name": "Discourse Meta Security",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Meta security category HTML changed and no longer provides stable scrape semantics for health checks.",
|
||||
"replacement_sources": [
|
||||
"Discourse Release Notes RSS",
|
||||
"GitHub Discourse Advisories"
|
||||
],
|
||||
"url": "https://meta.discourse.org/c/bug/security/40"
|
||||
},
|
||||
{
|
||||
"system_id": "discourse",
|
||||
"display_name": "Discourse",
|
||||
"source_name": "GitHub Discourse Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.",
|
||||
"replacement_sources": [
|
||||
"Discourse Release Notes RSS"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "django",
|
||||
"display_name": "Django",
|
||||
"source_name": "Django Security RSS",
|
||||
"bucket": "official_sources",
|
||||
"kind": "rss-feed",
|
||||
"retired_reason": "Official security tag feed became unstable; use official weblog index and release archive instead.",
|
||||
"replacement_sources": [
|
||||
"Django Security Weblog",
|
||||
"Django Security Releases Archive"
|
||||
],
|
||||
"url": "https://www.djangoproject.com/weblog/feeds/tags/security/"
|
||||
},
|
||||
{
|
||||
"system_id": "drupal",
|
||||
"display_name": "Drupal",
|
||||
"source_name": "Drupal Security Advisories Site",
|
||||
"bucket": "ecosystem_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.",
|
||||
"replacement_sources": [
|
||||
"Drupal Security Advisories RSS",
|
||||
"GHSA Drupal Core"
|
||||
],
|
||||
"url": "https://www.drupal.org/security"
|
||||
},
|
||||
{
|
||||
"system_id": "drupal",
|
||||
"display_name": "Drupal",
|
||||
"source_name": "GHSA Drupal Core",
|
||||
"bucket": "ecosystem_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"Drupal Security Advisories RSS",
|
||||
"NVD Drupal"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "esbuild",
|
||||
"display_name": "esbuild",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV esbuild"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "express",
|
||||
"display_name": "Express",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Express"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "fastify",
|
||||
"display_name": "Fastify",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Fastify"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "flask",
|
||||
"display_name": "Flask",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.",
|
||||
"replacement_sources": [
|
||||
"OSV Flask"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "hapi",
|
||||
"display_name": "Hapi",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Hapi"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "haproxy",
|
||||
"display_name": "HAProxy",
|
||||
"source_name": "HAProxy Security Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Legacy haproxy.org security page no longer yields stable scrape results for monitoring.",
|
||||
"replacement_sources": [
|
||||
"HAProxy Blog Feed"
|
||||
],
|
||||
"url": "https://www.haproxy.org/security/"
|
||||
},
|
||||
{
|
||||
"system_id": "koa",
|
||||
"display_name": "Koa",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Koa"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "laravel",
|
||||
"display_name": "Laravel",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.",
|
||||
"replacement_sources": [
|
||||
"OSV Laravel"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "mattermost",
|
||||
"display_name": "Mattermost",
|
||||
"source_name": "Mattermost Security Updates",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.",
|
||||
"replacement_sources": [
|
||||
"NVD Mattermost"
|
||||
],
|
||||
"url": "https://mattermost.com/security-updates/"
|
||||
},
|
||||
{
|
||||
"system_id": "mediawiki",
|
||||
"display_name": "MediaWiki",
|
||||
"source_name": "MediaWiki Security Releases",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.",
|
||||
"replacement_sources": [
|
||||
"NVD MediaWiki"
|
||||
],
|
||||
"url": "https://www.mediawiki.org/wiki/Security"
|
||||
},
|
||||
{
|
||||
"system_id": "moodle",
|
||||
"display_name": "Moodle",
|
||||
"source_name": "Moodle Security News",
|
||||
"bucket": "official_sources",
|
||||
"kind": "html-links",
|
||||
"retired_reason": "Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.",
|
||||
"replacement_sources": [
|
||||
"NVD Moodle"
|
||||
],
|
||||
"url": "https://moodle.org/security/"
|
||||
},
|
||||
{
|
||||
"system_id": "nestjs",
|
||||
"display_name": "NestJS",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV NestJS"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "nextjs",
|
||||
"display_name": "Next.js",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"GitHub Next.js Advisories",
|
||||
"OSV Next.js"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "nuxt",
|
||||
"display_name": "Nuxt",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"Nuxt Security",
|
||||
"OSV Nuxt"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "rails",
|
||||
"display_name": "Ruby on Rails",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.",
|
||||
"replacement_sources": [
|
||||
"OSV Rails"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "react",
|
||||
"display_name": "React",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"GitHub React Advisories",
|
||||
"OSV React"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "spring-boot",
|
||||
"display_name": "Spring Boot",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "spring-framework",
|
||||
"display_name": "Spring Framework",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "spring-security",
|
||||
"display_name": "Spring Security",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.",
|
||||
"replacement_sources": [
|
||||
"Spring Security Advisories"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "sveltekit",
|
||||
"display_name": "SvelteKit",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV SvelteKit"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "symfony",
|
||||
"display_name": "Symfony",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.",
|
||||
"replacement_sources": [
|
||||
"OSV Symfony"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "undici",
|
||||
"display_name": "Undici",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV Undici"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "vite",
|
||||
"display_name": "Vite",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"Vite Security",
|
||||
"OSV Vite"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "vue",
|
||||
"display_name": "Vue",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.",
|
||||
"replacement_sources": [
|
||||
"Vue Security",
|
||||
"OSV Vue"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "webpack",
|
||||
"display_name": "webpack",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.",
|
||||
"replacement_sources": [
|
||||
"OSV webpack"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "werkzeug",
|
||||
"display_name": "Werkzeug",
|
||||
"source_name": "GitHub Global Advisories",
|
||||
"bucket": "official_sources",
|
||||
"kind": "ghsa-global",
|
||||
"retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.",
|
||||
"replacement_sources": [
|
||||
"OSV Werkzeug"
|
||||
],
|
||||
"url": ""
|
||||
}
|
||||
]
|
||||
@@ -1,44 +1,12 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T14:45:54+00:00",
|
||||
"generated_at": "2026-03-18T17:52:48+00:00",
|
||||
"system_count": 62,
|
||||
"advisory_count": 5,
|
||||
"markdown_count": 5,
|
||||
"new_count": 5,
|
||||
"advisory_count": 0,
|
||||
"markdown_count": 0,
|
||||
"new_count": 0,
|
||||
"updated_count": 0,
|
||||
"systems_touched": [
|
||||
"nextjs"
|
||||
],
|
||||
"systems_touched": [],
|
||||
"triage_count": 0,
|
||||
"run_bundle_count": 89,
|
||||
"failures": [
|
||||
"drupal::Drupal Security Advisories Site::HTTPError",
|
||||
"discourse::Discourse Meta Security::HTTPError",
|
||||
"adobe-commerce::Adobe Security Bulletins::ConnectionError",
|
||||
"react::GitHub Global Advisories::TypeError",
|
||||
"nextjs::GitHub Global Advisories::AttributeError",
|
||||
"vue::GitHub Global Advisories::HTTPError",
|
||||
"nuxt::GitHub Global Advisories::HTTPError",
|
||||
"vite::GitHub Global Advisories::HTTPError",
|
||||
"angular::GitHub Global Advisories::HTTPError",
|
||||
"sveltekit::GitHub Global Advisories::HTTPError",
|
||||
"astro::GitHub Global Advisories::HTTPError",
|
||||
"express::GitHub Global Advisories::HTTPError",
|
||||
"nestjs::GitHub Global Advisories::HTTPError",
|
||||
"koa::GitHub Global Advisories::HTTPError",
|
||||
"fastify::GitHub Global Advisories::HTTPError",
|
||||
"hapi::GitHub Global Advisories::HTTPError",
|
||||
"undici::GitHub Global Advisories::HTTPError",
|
||||
"webpack::GitHub Global Advisories::HTTPError",
|
||||
"esbuild::GitHub Global Advisories::HTTPError",
|
||||
"spring-framework::GitHub Global Advisories::HTTPError",
|
||||
"spring-security::GitHub Global Advisories::HTTPError",
|
||||
"spring-boot::GitHub Global Advisories::HTTPError",
|
||||
"laravel::GitHub Global Advisories::HTTPError",
|
||||
"symfony::GitHub Global Advisories::HTTPError",
|
||||
"django::Django Security RSS::HTTPError",
|
||||
"flask::GitHub Global Advisories::HTTPError",
|
||||
"werkzeug::GitHub Global Advisories::HTTPError",
|
||||
"rails::GitHub Global Advisories::HTTPError",
|
||||
"haproxy::HAProxy Security Advisories::HTTPError"
|
||||
]
|
||||
"failures": []
|
||||
}
|
||||
|
||||
文件差异内容过多而无法显示
加载差异
@@ -0,0 +1,48 @@
|
||||
# Source Catalog Audit
|
||||
|
||||
- generated_at: `2026-03-18T17:41:42+00:00`
|
||||
- systems: `62`
|
||||
- sources: `146`
|
||||
- active_sources: `110`
|
||||
- retired_sources: `36`
|
||||
- systems_with_active_official: `62/62`
|
||||
- systems_with_machine_readable_source: `57/62`
|
||||
|
||||
## Retired Sources
|
||||
|
||||
- `adobe-commerce` `Adobe Security Bulletins` -> replacements: `Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce` | reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
|
||||
- `adobe-commerce` `GHSA Adobe Commerce` -> replacements: `Adobe Magento Security Index, NVD Adobe Commerce` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
|
||||
- `adobe-commerce` `Sansec Research` -> replacements: `GHSA Adobe Commerce, Adobe Magento Security Index` | reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
|
||||
- `angular` `GitHub Global Advisories` -> replacements: `OSV Angular` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
|
||||
- `astro` `GitHub Global Advisories` -> replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
|
||||
- `discourse` `Discourse Meta Security` -> replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
|
||||
- `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
|
||||
- `django` `Django Security RSS` -> replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
|
||||
- `drupal` `Drupal Security Advisories Site` -> replacements: `Drupal Security Advisories RSS, GHSA Drupal Core` | reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
|
||||
- `drupal` `GHSA Drupal Core` -> replacements: `Drupal Security Advisories RSS, NVD Drupal` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
|
||||
- `esbuild` `GitHub Global Advisories` -> replacements: `OSV esbuild` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
|
||||
- `express` `GitHub Global Advisories` -> replacements: `OSV Express` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
|
||||
- `fastify` `GitHub Global Advisories` -> replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
|
||||
- `flask` `GitHub Global Advisories` -> replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
|
||||
- `hapi` `GitHub Global Advisories` -> replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
|
||||
- `haproxy` `HAProxy Security Advisories` -> replacements: `HAProxy Blog Feed` | reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
|
||||
- `koa` `GitHub Global Advisories` -> replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
|
||||
- `laravel` `GitHub Global Advisories` -> replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
|
||||
- `mattermost` `Mattermost Security Updates` -> replacements: `NVD Mattermost` | reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
- `mediawiki` `MediaWiki Security Releases` -> replacements: `NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
|
||||
- `moodle` `Moodle Security News` -> replacements: `NVD Moodle` | reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
- `nestjs` `GitHub Global Advisories` -> replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
|
||||
- `nextjs` `GitHub Global Advisories` -> replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
|
||||
- `nuxt` `GitHub Global Advisories` -> replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
|
||||
- `rails` `GitHub Global Advisories` -> replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
|
||||
- `react` `GitHub Global Advisories` -> replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
|
||||
- `spring-boot` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
|
||||
- `spring-framework` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.
|
||||
- `spring-security` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
|
||||
- `sveltekit` `GitHub Global Advisories` -> replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
|
||||
- `symfony` `GitHub Global Advisories` -> replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
|
||||
- `undici` `GitHub Global Advisories` -> replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
|
||||
- `vite` `GitHub Global Advisories` -> replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
|
||||
- `vue` `GitHub Global Advisories` -> replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
|
||||
- `webpack` `GitHub Global Advisories` -> replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
|
||||
- `werkzeug` `GitHub Global Advisories` -> replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
|
||||
文件差异内容过多而无法显示
加载差异
@@ -1,72 +0,0 @@
|
||||
{
|
||||
"canonical_id": "nextjs--CVE-2026-27977",
|
||||
"system_id": "nextjs",
|
||||
"display_name": "Next.js",
|
||||
"category": "frameworks",
|
||||
"advisory_mode": "core",
|
||||
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
|
||||
"summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.",
|
||||
"published_at": "2026-03-17T15:29:48Z",
|
||||
"updated_at": "2026-03-17T15:46:26.028580Z",
|
||||
"severity": "medium",
|
||||
"cvss_score": 4.0,
|
||||
"exploit_status": "unknown",
|
||||
"source_confidence": "official",
|
||||
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a",
|
||||
"https://github.com/vercel/next.js",
|
||||
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-27977",
|
||||
"GHSA-jcc7-9wpm-mj36"
|
||||
],
|
||||
"cve_ids": [
|
||||
"CVE-2026-27977"
|
||||
],
|
||||
"ghsa_ids": [
|
||||
"GHSA-jcc7-9wpm-mj36"
|
||||
],
|
||||
"osv_ids": [
|
||||
"GHSA-jcc7-9wpm-mj36"
|
||||
],
|
||||
"affected_versions": [
|
||||
"introduced=16.0.1, fixed<16.1.7"
|
||||
],
|
||||
"fixed_versions": [
|
||||
"16.1.7"
|
||||
],
|
||||
"package_name": "next",
|
||||
"render_markdown": true,
|
||||
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md",
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"proxy-trust-boundary",
|
||||
"token-cookie-storage"
|
||||
],
|
||||
"status": "generated",
|
||||
"triage_reasons": [],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"last_verified_at": null,
|
||||
"last_run_id": null,
|
||||
"evidence_bundle": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
},
|
||||
"repro_profile_id": "nextjs-proxy-boundary",
|
||||
"artifact_mode": "official-source",
|
||||
"blocked_reason": null,
|
||||
"metadata": {
|
||||
"source_names": [
|
||||
"OSV Next.js"
|
||||
],
|
||||
"source_kinds": [
|
||||
"osv-batch"
|
||||
],
|
||||
"candidate_count": 1
|
||||
}
|
||||
}
|
||||
@@ -1,72 +0,0 @@
|
||||
{
|
||||
"canonical_id": "nextjs--CVE-2026-27978",
|
||||
"system_id": "nextjs",
|
||||
"display_name": "Next.js",
|
||||
"category": "frameworks",
|
||||
"advisory_mode": "core",
|
||||
"title": "Next.js: null origin can bypass Server Actions CSRF checks",
|
||||
"summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.",
|
||||
"published_at": "2026-03-17T15:30:14Z",
|
||||
"updated_at": "2026-03-17T15:46:43.484729Z",
|
||||
"severity": "medium",
|
||||
"cvss_score": 4.0,
|
||||
"exploit_status": "unknown",
|
||||
"source_confidence": "official",
|
||||
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8",
|
||||
"https://github.com/vercel/next.js",
|
||||
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-27978",
|
||||
"GHSA-mq59-m269-xvcx"
|
||||
],
|
||||
"cve_ids": [
|
||||
"CVE-2026-27978"
|
||||
],
|
||||
"ghsa_ids": [
|
||||
"GHSA-mq59-m269-xvcx"
|
||||
],
|
||||
"osv_ids": [
|
||||
"GHSA-mq59-m269-xvcx"
|
||||
],
|
||||
"affected_versions": [
|
||||
"introduced=16.0.1, fixed<16.1.7"
|
||||
],
|
||||
"fixed_versions": [
|
||||
"16.1.7"
|
||||
],
|
||||
"package_name": "next",
|
||||
"render_markdown": true,
|
||||
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md",
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"proxy-trust-boundary",
|
||||
"token-cookie-storage"
|
||||
],
|
||||
"status": "generated",
|
||||
"triage_reasons": [],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"last_verified_at": null,
|
||||
"last_run_id": null,
|
||||
"evidence_bundle": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
},
|
||||
"repro_profile_id": "nextjs-proxy-boundary",
|
||||
"artifact_mode": "official-source",
|
||||
"blocked_reason": null,
|
||||
"metadata": {
|
||||
"source_names": [
|
||||
"OSV Next.js"
|
||||
],
|
||||
"source_kinds": [
|
||||
"osv-batch"
|
||||
],
|
||||
"candidate_count": 1
|
||||
}
|
||||
}
|
||||
@@ -1,72 +0,0 @@
|
||||
{
|
||||
"canonical_id": "nextjs--CVE-2026-27979",
|
||||
"system_id": "nextjs",
|
||||
"display_name": "Next.js",
|
||||
"category": "frameworks",
|
||||
"advisory_mode": "core",
|
||||
"title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
|
||||
"summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.",
|
||||
"published_at": "2026-03-17T16:16:49Z",
|
||||
"updated_at": "2026-03-17T16:31:34.160932Z",
|
||||
"severity": "medium",
|
||||
"cvss_score": 4.0,
|
||||
"exploit_status": "unknown",
|
||||
"source_confidence": "official",
|
||||
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1",
|
||||
"https://github.com/vercel/next.js",
|
||||
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-27979",
|
||||
"GHSA-h27x-g6w4-24gq"
|
||||
],
|
||||
"cve_ids": [
|
||||
"CVE-2026-27979"
|
||||
],
|
||||
"ghsa_ids": [
|
||||
"GHSA-h27x-g6w4-24gq"
|
||||
],
|
||||
"osv_ids": [
|
||||
"GHSA-h27x-g6w4-24gq"
|
||||
],
|
||||
"affected_versions": [
|
||||
"introduced=16.0.1, fixed<16.1.7"
|
||||
],
|
||||
"fixed_versions": [
|
||||
"16.1.7"
|
||||
],
|
||||
"package_name": "next",
|
||||
"render_markdown": true,
|
||||
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md",
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"proxy-trust-boundary",
|
||||
"token-cookie-storage"
|
||||
],
|
||||
"status": "generated",
|
||||
"triage_reasons": [],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"last_verified_at": null,
|
||||
"last_run_id": null,
|
||||
"evidence_bundle": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
},
|
||||
"repro_profile_id": "nextjs-proxy-boundary",
|
||||
"artifact_mode": "official-source",
|
||||
"blocked_reason": null,
|
||||
"metadata": {
|
||||
"source_names": [
|
||||
"OSV Next.js"
|
||||
],
|
||||
"source_kinds": [
|
||||
"osv-batch"
|
||||
],
|
||||
"candidate_count": 1
|
||||
}
|
||||
}
|
||||
@@ -1,72 +0,0 @@
|
||||
{
|
||||
"canonical_id": "nextjs--CVE-2026-27980",
|
||||
"system_id": "nextjs",
|
||||
"display_name": "Next.js",
|
||||
"category": "frameworks",
|
||||
"advisory_mode": "core",
|
||||
"title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
|
||||
"summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
|
||||
"published_at": "2026-03-17T16:17:06Z",
|
||||
"updated_at": "2026-03-17T16:31:33.597080Z",
|
||||
"severity": "medium",
|
||||
"cvss_score": 4.0,
|
||||
"exploit_status": "unknown",
|
||||
"source_confidence": "official",
|
||||
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
|
||||
"https://github.com/vercel/next.js",
|
||||
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-27980",
|
||||
"GHSA-3x4c-7xq6-9pq8"
|
||||
],
|
||||
"cve_ids": [
|
||||
"CVE-2026-27980"
|
||||
],
|
||||
"ghsa_ids": [
|
||||
"GHSA-3x4c-7xq6-9pq8"
|
||||
],
|
||||
"osv_ids": [
|
||||
"GHSA-3x4c-7xq6-9pq8"
|
||||
],
|
||||
"affected_versions": [
|
||||
"introduced=10.0.0, fixed<16.1.7"
|
||||
],
|
||||
"fixed_versions": [
|
||||
"16.1.7"
|
||||
],
|
||||
"package_name": "next",
|
||||
"render_markdown": true,
|
||||
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md",
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"proxy-trust-boundary",
|
||||
"token-cookie-storage"
|
||||
],
|
||||
"status": "generated",
|
||||
"triage_reasons": [],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"last_verified_at": null,
|
||||
"last_run_id": null,
|
||||
"evidence_bundle": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
},
|
||||
"repro_profile_id": "nextjs-proxy-boundary",
|
||||
"artifact_mode": "official-source",
|
||||
"blocked_reason": null,
|
||||
"metadata": {
|
||||
"source_names": [
|
||||
"OSV Next.js"
|
||||
],
|
||||
"source_kinds": [
|
||||
"osv-batch"
|
||||
],
|
||||
"candidate_count": 1
|
||||
}
|
||||
}
|
||||
@@ -1,77 +0,0 @@
|
||||
{
|
||||
"canonical_id": "nextjs--CVE-2026-29057",
|
||||
"system_id": "nextjs",
|
||||
"display_name": "Next.js",
|
||||
"category": "frameworks",
|
||||
"advisory_mode": "core",
|
||||
"title": "Next.js: HTTP request smuggling in rewrites",
|
||||
"summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).",
|
||||
"published_at": "2026-03-17T16:17:15Z",
|
||||
"updated_at": "2026-03-17T16:31:26.646070Z",
|
||||
"severity": "medium",
|
||||
"cvss_score": 4.0,
|
||||
"exploit_status": "unknown",
|
||||
"source_confidence": "official",
|
||||
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6",
|
||||
"https://github.com/vercel/next.js",
|
||||
"https://github.com/vercel/next.js/releases/tag/v15.5.13",
|
||||
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-29057",
|
||||
"GHSA-ggv3-7p47-pfv8"
|
||||
],
|
||||
"cve_ids": [
|
||||
"CVE-2026-29057"
|
||||
],
|
||||
"ghsa_ids": [
|
||||
"GHSA-ggv3-7p47-pfv8"
|
||||
],
|
||||
"osv_ids": [
|
||||
"GHSA-ggv3-7p47-pfv8"
|
||||
],
|
||||
"affected_versions": [
|
||||
"introduced=16.0.0-beta.0, fixed<16.1.7",
|
||||
"introduced=9.5.0, fixed<15.5.13"
|
||||
],
|
||||
"fixed_versions": [
|
||||
"16.1.7",
|
||||
"15.5.13"
|
||||
],
|
||||
"package_name": "next",
|
||||
"render_markdown": true,
|
||||
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md",
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"proxy-trust-boundary",
|
||||
"token-cookie-storage",
|
||||
"request-smuggling-boundary",
|
||||
"dependency-upgrade-policy"
|
||||
],
|
||||
"status": "generated",
|
||||
"triage_reasons": [],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"last_verified_at": null,
|
||||
"last_run_id": null,
|
||||
"evidence_bundle": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
},
|
||||
"repro_profile_id": "request-smuggling-generic",
|
||||
"artifact_mode": "official-source",
|
||||
"blocked_reason": null,
|
||||
"metadata": {
|
||||
"source_names": [
|
||||
"OSV Next.js"
|
||||
],
|
||||
"source_kinds": [
|
||||
"osv-batch"
|
||||
],
|
||||
"candidate_count": 1
|
||||
}
|
||||
}
|
||||
文件差异内容过多而无法显示
加载差异
@@ -3,10 +3,10 @@
|
||||
"display_name": "Next.js",
|
||||
"category": "frameworks",
|
||||
"tier": "history-full",
|
||||
"total": 5,
|
||||
"markdown_cases": 5,
|
||||
"total": 0,
|
||||
"markdown_cases": 0,
|
||||
"triage_count": 0,
|
||||
"latest_update": "2026-03-17T16:31:34.160932Z",
|
||||
"latest_update": "",
|
||||
"output_dir": "07-framework-security/frameworks/nextjs",
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
@@ -16,12 +16,6 @@
|
||||
"verified_real": 0,
|
||||
"verified_synthetic": 0,
|
||||
"blocked_count": 0,
|
||||
"manual_count": 5,
|
||||
"items": [
|
||||
"nextjs--CVE-2026-29057",
|
||||
"nextjs--CVE-2026-27980",
|
||||
"nextjs--CVE-2026-27979",
|
||||
"nextjs--CVE-2026-27978",
|
||||
"nextjs--CVE-2026-27977"
|
||||
]
|
||||
"manual_count": 0,
|
||||
"items": []
|
||||
}
|
||||
|
||||
@@ -86,6 +86,17 @@ systems:
|
||||
advisory_mode: module
|
||||
keywords: [drupal, module, sa-contrib]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
|
||||
replacement_sources: [Drupal Security Advisories RSS, GHSA Drupal Core]
|
||||
- name: GHSA Drupal Core
|
||||
kind: ghsa-global
|
||||
ecosystem: composer
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
|
||||
replacement_sources: [Drupal Security Advisories RSS, NVD Drupal]
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: composer
|
||||
@@ -237,6 +248,9 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [mediawiki, security]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
|
||||
replacement_sources: [NVD MediaWiki]
|
||||
- name: NVD MediaWiki
|
||||
kind: nvd-search
|
||||
keyword: MediaWiki
|
||||
@@ -267,6 +281,9 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [moodle, security]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
replacement_sources: [NVD Moodle]
|
||||
- name: NVD Moodle
|
||||
kind: nvd-search
|
||||
keyword: Moodle
|
||||
@@ -297,13 +314,24 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [discourse, security]
|
||||
max_items: 50
|
||||
- name: GitHub Discourse Advisories
|
||||
kind: html-links
|
||||
url: https://github.com/discourse/discourse/security/advisories
|
||||
status: retired
|
||||
retired_reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
|
||||
replacement_sources: [Discourse Release Notes RSS, GitHub Discourse Advisories]
|
||||
- name: Discourse Release Notes RSS
|
||||
kind: rss-feed
|
||||
url: https://meta.discourse.org/tag/release-notes.rss
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [discourse]
|
||||
max_items: 50
|
||||
keywords: [discourse, security, cve]
|
||||
max_items: 60
|
||||
- name: GitHub Discourse Advisories
|
||||
kind: ghsa-global
|
||||
ecosystem: rubygems
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
|
||||
replacement_sources: [Discourse Release Notes RSS]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -330,6 +358,24 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [adobe commerce, magento, apsb]
|
||||
max_items: 60
|
||||
status: retired
|
||||
retired_reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
|
||||
replacement_sources: [Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce]
|
||||
- name: Adobe Magento Security Index
|
||||
kind: vendor-index
|
||||
url: https://helpx.adobe.com/security/products/magento.html
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [adobe commerce, magento, apsb, security]
|
||||
max_items: 60
|
||||
request_policy:
|
||||
user_agent: python-requests/2.31.0
|
||||
timeout_seconds: 45
|
||||
verify_tls: false
|
||||
http_version: "1.1"
|
||||
parser_hints:
|
||||
keywords: [adobe commerce, magento, apsb, security]
|
||||
include_url_patterns: [magento, security, APSB]
|
||||
- name: NVD Adobe Commerce
|
||||
kind: nvd-search
|
||||
keyword: Adobe Commerce
|
||||
@@ -337,13 +383,24 @@ systems:
|
||||
advisory_mode: core
|
||||
results_per_page: 50
|
||||
ecosystem_sources:
|
||||
- name: GHSA Adobe Commerce
|
||||
kind: ghsa-global
|
||||
ecosystem: composer
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
|
||||
replacement_sources: [Adobe Magento Security Index, NVD Adobe Commerce]
|
||||
- name: Sansec Research
|
||||
kind: html-links
|
||||
kind: vendor-index
|
||||
url: https://sansec.io/research
|
||||
confidence: ecosystem-authority
|
||||
advisory_mode: extension
|
||||
keywords: [magento, adobe commerce]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
|
||||
replacement_sources: [GHSA Adobe Commerce, Adobe Magento Security Index]
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: composer
|
||||
@@ -669,6 +726,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
|
||||
replacement_sources: [GitHub React Advisories, OSV React]
|
||||
- name: OSV React
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -707,6 +767,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
|
||||
replacement_sources: [GitHub Next.js Advisories, OSV Next.js]
|
||||
- name: OSV Next.js
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -743,6 +806,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
|
||||
replacement_sources: [Vue Security, OSV Vue]
|
||||
- name: OSV Vue
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -781,6 +847,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
|
||||
replacement_sources: [Nuxt Security, OSV Nuxt]
|
||||
- name: OSV Nuxt
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -817,6 +886,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
|
||||
replacement_sources: [Vite Security, OSV Vite]
|
||||
- name: OSV Vite
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -846,6 +918,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
|
||||
replacement_sources: [OSV Angular]
|
||||
- name: OSV Angular
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -877,6 +952,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
|
||||
replacement_sources: [OSV SvelteKit]
|
||||
- name: OSV SvelteKit
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -906,6 +984,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
|
||||
replacement_sources: [OSV Astro]
|
||||
- name: OSV Astro
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -935,6 +1016,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
|
||||
replacement_sources: [OSV Express]
|
||||
- name: OSV Express
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -964,6 +1048,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
|
||||
replacement_sources: [OSV NestJS]
|
||||
- name: OSV NestJS
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -993,6 +1080,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
|
||||
replacement_sources: [OSV Koa]
|
||||
- name: OSV Koa
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1022,6 +1112,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
|
||||
replacement_sources: [OSV Fastify]
|
||||
- name: OSV Fastify
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1051,6 +1144,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
|
||||
replacement_sources: [OSV Hapi]
|
||||
- name: OSV Hapi
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1110,6 +1206,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
|
||||
replacement_sources: [OSV Undici]
|
||||
- name: OSV Undici
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1139,6 +1238,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
|
||||
replacement_sources: [OSV webpack]
|
||||
- name: OSV webpack
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1168,6 +1270,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
|
||||
replacement_sources: [OSV esbuild]
|
||||
- name: OSV esbuild
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1204,6 +1309,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.
|
||||
replacement_sources: [Spring Security Advisories]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -1238,6 +1346,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
|
||||
replacement_sources: [Spring Security Advisories]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -1270,6 +1381,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
|
||||
replacement_sources: [Spring Security Advisories]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -1295,6 +1409,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
|
||||
replacement_sources: [OSV Laravel]
|
||||
- name: OSV Laravel
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1324,6 +1441,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
|
||||
replacement_sources: [OSV Symfony]
|
||||
- name: OSV Symfony
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1356,6 +1476,29 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [django]
|
||||
max_items: 60
|
||||
status: retired
|
||||
retired_reason: Official security tag feed became unstable; use official weblog index and release archive instead.
|
||||
replacement_sources: [Django Security Weblog, Django Security Releases Archive]
|
||||
- name: Django Security Weblog
|
||||
kind: vendor-index
|
||||
url: https://www.djangoproject.com/weblog/
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [django, security, release]
|
||||
max_items: 60
|
||||
parser_hints:
|
||||
keywords: [django, security, release]
|
||||
include_url_patterns: [/weblog/]
|
||||
- name: Django Security Releases Archive
|
||||
kind: vendor-index
|
||||
url: https://docs.djangoproject.com/en/dev/releases/security/
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [django, security]
|
||||
max_items: 40
|
||||
parser_hints:
|
||||
keywords: [django, security]
|
||||
include_url_patterns: [/releases/security/]
|
||||
- name: OSV Django
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1389,6 +1532,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
|
||||
replacement_sources: [OSV Flask]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -1418,6 +1564,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
|
||||
replacement_sources: [OSV Werkzeug]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names:
|
||||
@@ -1443,6 +1592,9 @@ systems:
|
||||
name: GitHub Global Advisories
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
status: retired
|
||||
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
|
||||
replacement_sources: [OSV Rails]
|
||||
- name: OSV Rails
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
@@ -1710,6 +1862,16 @@ systems:
|
||||
advisory_mode: server
|
||||
keywords: [haproxy, security]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
|
||||
replacement_sources: [HAProxy Blog Feed]
|
||||
- name: HAProxy Blog Feed
|
||||
kind: rss-feed
|
||||
url: https://www.haproxy.com/feed/
|
||||
confidence: official
|
||||
advisory_mode: server
|
||||
keywords: [haproxy, security, cve]
|
||||
max_items: 40
|
||||
- name: NVD HAProxy
|
||||
kind: nvd-search
|
||||
keyword: HAProxy
|
||||
@@ -1953,6 +2115,9 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [mattermost]
|
||||
max_items: 50
|
||||
status: retired
|
||||
retired_reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
replacement_sources: [NVD Mattermost]
|
||||
- name: NVD Mattermost
|
||||
kind: nvd-search
|
||||
keyword: Mattermost
|
||||
|
||||
@@ -1,17 +1,19 @@
|
||||
# 全库 Advisory 完整度报告
|
||||
|
||||
- 生成时间: `2026-03-18T14:45:55+00:00`
|
||||
- 最新 advisory 完整度: `0/5` `verified-real`
|
||||
- 生成时间: `2026-03-18T17:52:49+00:00`
|
||||
- 最新 advisory 完整度: `0/0` `verified-real`
|
||||
- 合成验证数量: `0`
|
||||
- 阻塞数量: `0`
|
||||
- 人工/待补证据数量: `5`
|
||||
- 人工/待补证据数量: `0`
|
||||
- 完整度百分比: `0.0%`
|
||||
- active source 全绿: `110/110`
|
||||
- source open alerts: `0`
|
||||
- 最近一次 source 全绿: `2026-03-18T17:44:31+00:00`
|
||||
|
||||
## 系统覆盖矩阵
|
||||
|
||||
| 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 |
|
||||
| --- | ---: | ---: | ---: | ---: | ---: | --- |
|
||||
| nextjs | 5 | 0 | 0 | 0 | 5 | proxy-boundary(0/4), request-smuggling(0/1) |
|
||||
|
||||
## 历史阻塞项修复纪要
|
||||
|
||||
@@ -19,39 +21,14 @@
|
||||
- Family profiles previously used note-only attack runners and dry-run placeholders.
|
||||
- Baseline and browser steps were skipped when environment readiness was not enforced.
|
||||
- Latest completeness now uses one advisory -> latest run semantics instead of historical run piles.
|
||||
- Source health now counts only status=active sources; retired sources are audited separately with replacement links.
|
||||
|
||||
## Ingest / Source 健康度
|
||||
|
||||
- source failures: `29`
|
||||
- drupal::Drupal Security Advisories Site::HTTPError
|
||||
- discourse::Discourse Meta Security::HTTPError
|
||||
- adobe-commerce::Adobe Security Bulletins::ConnectionError
|
||||
- react::GitHub Global Advisories::TypeError
|
||||
- nextjs::GitHub Global Advisories::AttributeError
|
||||
- vue::GitHub Global Advisories::HTTPError
|
||||
- nuxt::GitHub Global Advisories::HTTPError
|
||||
- vite::GitHub Global Advisories::HTTPError
|
||||
- angular::GitHub Global Advisories::HTTPError
|
||||
- sveltekit::GitHub Global Advisories::HTTPError
|
||||
- astro::GitHub Global Advisories::HTTPError
|
||||
- express::GitHub Global Advisories::HTTPError
|
||||
- nestjs::GitHub Global Advisories::HTTPError
|
||||
- koa::GitHub Global Advisories::HTTPError
|
||||
- fastify::GitHub Global Advisories::HTTPError
|
||||
- hapi::GitHub Global Advisories::HTTPError
|
||||
- undici::GitHub Global Advisories::HTTPError
|
||||
- webpack::GitHub Global Advisories::HTTPError
|
||||
- esbuild::GitHub Global Advisories::HTTPError
|
||||
- spring-framework::GitHub Global Advisories::HTTPError
|
||||
- spring-security::GitHub Global Advisories::HTTPError
|
||||
- spring-boot::GitHub Global Advisories::HTTPError
|
||||
- laravel::GitHub Global Advisories::HTTPError
|
||||
- symfony::GitHub Global Advisories::HTTPError
|
||||
- django::Django Security RSS::HTTPError
|
||||
- flask::GitHub Global Advisories::HTTPError
|
||||
- werkzeug::GitHub Global Advisories::HTTPError
|
||||
- rails::GitHub Global Advisories::HTTPError
|
||||
- haproxy::HAProxy Security Advisories::HTTPError
|
||||
- source failures: `0`
|
||||
- active sources: `110`
|
||||
- green sources: `110`
|
||||
- open alerts: `0`
|
||||
|
||||
## 剩余风险说明
|
||||
|
||||
|
||||
@@ -0,0 +1,34 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>Label</key>
|
||||
<string>com.hao.websafe.intel-monitor</string>
|
||||
<key>ProgramArguments</key>
|
||||
<array>
|
||||
<string>/bin/bash</string>
|
||||
<string>/Users/x/websafe/scripts/sync-gitea.sh</string>
|
||||
<string>--monitor-sync</string>
|
||||
</array>
|
||||
<key>WorkingDirectory</key>
|
||||
<string>/Users/x/websafe</string>
|
||||
<key>StartCalendarInterval</key>
|
||||
<dict>
|
||||
<key>Hour</key>
|
||||
<integer>2</integer>
|
||||
<key>Minute</key>
|
||||
<integer>17</integer>
|
||||
</dict>
|
||||
<key>RunAtLoad</key>
|
||||
<false/>
|
||||
<key>StandardOutPath</key>
|
||||
<string>/Users/x/Library/Logs/websafe-intel-monitor.out.log</string>
|
||||
<key>StandardErrorPath</key>
|
||||
<string>/Users/x/Library/Logs/websafe-intel-monitor.err.log</string>
|
||||
<key>EnvironmentVariables</key>
|
||||
<dict>
|
||||
<key>PATH</key>
|
||||
<string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
|
||||
</dict>
|
||||
</dict>
|
||||
</plist>
|
||||
@@ -0,0 +1,18 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
PLIST_SOURCE="/Users/x/websafe/ops/launchd/com.hao.websafe.intel-monitor.plist"
|
||||
PLIST_TARGET="$HOME/Library/LaunchAgents/com.hao.websafe.intel-monitor.plist"
|
||||
LABEL="com.hao.websafe.intel-monitor"
|
||||
GUI_DOMAIN="gui/$(id -u)"
|
||||
|
||||
mkdir -p "$HOME/Library/LaunchAgents" "$HOME/Library/Logs"
|
||||
cp "$PLIST_SOURCE" "$PLIST_TARGET"
|
||||
|
||||
launchctl bootout "$GUI_DOMAIN" "$PLIST_TARGET" >/dev/null 2>&1 || true
|
||||
launchctl bootstrap "$GUI_DOMAIN" "$PLIST_TARGET"
|
||||
launchctl enable "$GUI_DOMAIN/$LABEL"
|
||||
|
||||
echo "Installed $LABEL"
|
||||
echo "Plist: $PLIST_TARGET"
|
||||
@@ -33,7 +33,7 @@ SOURCE_BUCKETS = ("official_sources", "ecosystem_sources", "research_sources")
|
||||
MACHINE_READABLE_SOURCE_KINDS = {"ghsa-global", "osv-batch", "nvd-search", "kev-json", "json-feed", "rss-feed", "atom-feed"}
|
||||
|
||||
DEFAULT_REQUEST_POLICY = {
|
||||
"user_agent": "websafe-intel",
|
||||
"user_agent": "python-requests/2.31.0",
|
||||
"accept": "",
|
||||
"timeout_seconds": 30,
|
||||
"verify_tls": True,
|
||||
|
||||
@@ -4,14 +4,12 @@ import time
|
||||
from typing import Any, Dict
|
||||
|
||||
import requests
|
||||
from requests.adapters import HTTPAdapter
|
||||
from urllib3.util.retry import Retry
|
||||
|
||||
from intel.config import DEFAULT_HEALTH_POLICY, DEFAULT_REQUEST_POLICY
|
||||
|
||||
|
||||
DEFAULT_TIMEOUT = 30
|
||||
DEFAULT_USER_AGENT = "websafe-intel"
|
||||
DEFAULT_USER_AGENT = "python-requests/2.31.0"
|
||||
|
||||
|
||||
def _request_policy(source: Dict[str, Any] | None = None) -> Dict[str, Any]:
|
||||
@@ -23,21 +21,8 @@ def _health_policy(source: Dict[str, Any] | None = None) -> Dict[str, Any]:
|
||||
|
||||
|
||||
def build_session(source: Dict[str, Any] | None = None) -> requests.Session:
|
||||
health_policy = _health_policy(source)
|
||||
session = requests.Session()
|
||||
retry = Retry(
|
||||
total=int(health_policy.get("retries") or 3),
|
||||
connect=int(health_policy.get("retries") or 3),
|
||||
read=int(health_policy.get("retries") or 3),
|
||||
status=int(health_policy.get("retries") or 3),
|
||||
backoff_factor=float(health_policy.get("backoff_seconds") or 0.5),
|
||||
allowed_methods=frozenset(["GET", "POST"]),
|
||||
status_forcelist=[429, 500, 502, 503, 504],
|
||||
raise_on_status=False,
|
||||
)
|
||||
adapter = HTTPAdapter(max_retries=retry)
|
||||
session.mount("https://", adapter)
|
||||
session.mount("http://", adapter)
|
||||
session.trust_env = True
|
||||
request_policy = _request_policy(source)
|
||||
headers = {"User-Agent": request_policy.get("user_agent") or DEFAULT_USER_AGENT}
|
||||
if request_policy.get("accept"):
|
||||
@@ -63,8 +48,6 @@ def request(
|
||||
headers["User-Agent"] = request_policy.get("user_agent") or DEFAULT_USER_AGENT
|
||||
if request_policy.get("accept") and "Accept" not in headers:
|
||||
headers["Accept"] = request_policy["accept"]
|
||||
if request_policy.get("http_version") == "1.1" and "Connection" not in headers:
|
||||
headers["Connection"] = "close"
|
||||
timeout_value = timeout if timeout != DEFAULT_TIMEOUT else int(request_policy.get("timeout_seconds") or DEFAULT_TIMEOUT)
|
||||
allow_redirects = kwargs.pop("allow_redirects", bool(request_policy.get("follow_redirects", True)))
|
||||
verify = kwargs.pop("verify", bool(request_policy.get("verify_tls", True)))
|
||||
|
||||
某些文件未显示,因为此 diff 中更改的文件太多 显示更多
在新工单中引用
屏蔽一个用户