hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 109 个文件 - 2026-03-18 10:55:52

浏览代码
这个提交包含在:
hao
2026-03-18 10:55:52 -07:00
父节点 1d5cb533e3
当前提交 1f9d9b1d16
修改 109 个文件,包含 10958 行新增1350 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

215
08-threat-intel/generated/dashboard/docs/architecture-library.html
查看文件

@@ -87,7 +87,7 @@
<h1>当前架构库镜像</h1>
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
<pre>{
&quot;generated_at&quot;: &quot;2026-03-18T14:45:55+00:00&quot;,
&quot;generated_at&quot;: &quot;2026-03-18T17:52:49+00:00&quot;,
&quot;title&quot;: &quot;当前架构库&quot;,
&quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;,
&quot;sections&quot;: [
@@ -119,7 +119,7 @@
},
{
&quot;label&quot;: &quot;当前漏洞条目&quot;,
&quot;value&quot;: &quot;5&quot;
&quot;value&quot;: &quot;0&quot;
}
],
&quot;fields&quot;: [
@@ -137,7 +137,7 @@
},
{
&quot;label&quot;: &quot;生成时间&quot;,
&quot;value&quot;: &quot;2026-03-18T14:45:55+00:00&quot;
&quot;value&quot;: &quot;2026-03-18T17:52:49+00:00&quot;
}
],
&quot;links&quot;: [
@@ -356,6 +356,16 @@
&quot;href&quot;: &quot;/docs/source-map.html&quot;,
&quot;description&quot;: &quot;系统覆盖、来源和输出目录真值。&quot;
},
{
&quot;label&quot;: &quot;source catalog audit&quot;,
&quot;href&quot;: &quot;/docs/source-catalog-audit.html&quot;,
&quot;description&quot;: &quot;active/retired source 审计、替代关系与覆盖摘要。&quot;
},
{
&quot;label&quot;: &quot;retired sources&quot;,
&quot;href&quot;: &quot;/docs/retired-sources.html&quot;,
&quot;description&quot;: &quot;退役源、退役原因与 replacement map。&quot;
},
{
&quot;label&quot;: &quot;repro-map 真值&quot;,
&quot;href&quot;: &quot;/docs/repro-map.html&quot;,
@@ -386,6 +396,21 @@
&quot;href&quot;: &quot;/data/completeness.json&quot;,
&quot;description&quot;: &quot;最新 advisory 完整度、系统/family 进度与 ingest 健康度。&quot;
},
{
&quot;label&quot;: &quot;source-health.json&quot;,
&quot;href&quot;: &quot;/data/source-health.json&quot;,
&quot;description&quot;: &quot;active source 健康度、系统分布与失败分类。&quot;
},
{
&quot;label&quot;: &quot;alerts.json&quot;,
&quot;href&quot;: &quot;/data/alerts.json&quot;,
&quot;description&quot;: &quot;source 告警状态机、failure streak 与 resolved 记录。&quot;
},
{
&quot;label&quot;: &quot;monitor-summary.json&quot;,
&quot;href&quot;: &quot;/data/monitor-summary.json&quot;,
&quot;description&quot;: &quot;每日监控摘要、open alerts 与最近全绿时间。&quot;
},
{
&quot;label&quot;: &quot;runs.json&quot;,
&quot;href&quot;: &quot;/runs.json&quot;,
@@ -410,6 +435,11 @@
&quot;label&quot;: &quot;architecture.json&quot;,
&quot;href&quot;: &quot;/architecture.json&quot;,
&quot;description&quot;: &quot;当前架构库结构化 JSON。&quot;
},
{
&quot;label&quot;: &quot;source-catalog-audit.json&quot;,
&quot;href&quot;: &quot;/data/source-catalog-audit.json&quot;,
&quot;description&quot;: &quot;source catalog 审计真值与 retired/replacement 关系。&quot;
}
],
&quot;fields&quot;: [
@@ -572,7 +602,7 @@
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;近两年全量&quot;,
&quot;官方源 2&quot;,
&quot;官方源 3&quot;,
&quot;生态源 0&quot;,
&quot;研究源 0&quot;
],
@@ -606,7 +636,7 @@
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;官方来源&quot;,
&quot;value&quot;: &quot;Discourse Meta Security\nGitHub Discourse Advisories&quot;
&quot;value&quot;: &quot;Discourse Meta Security\nDiscourse Release Notes RSS\nGitHub Discourse Advisories&quot;
},
{
&quot;label&quot;: &quot;生态来源&quot;,
@@ -658,7 +688,7 @@
&quot;badges&quot;: [
&quot;历史全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 1&quot;,
&quot;生态源 2&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -695,7 +725,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;Drupal Security Advisories Site&quot;
&quot;value&quot;: &quot;Drupal Security Advisories Site\nGHSA Drupal Core&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -1528,7 +1558,7 @@
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;近两年全量&quot;,
&quot;官方源 2&quot;,
&quot;官方源 4&quot;,
&quot;生态源 0&quot;,
&quot;研究源 0&quot;
],
@@ -1562,7 +1592,7 @@
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;官方来源&quot;,
&quot;value&quot;: &quot;Django Security RSS\nOSV Django&quot;
&quot;value&quot;: &quot;Django Security RSS\nDjango Security Weblog\nDjango Security Releases Archive\nOSV Django&quot;
},
{
&quot;label&quot;: &quot;生态来源&quot;,
@@ -4800,7 +4830,7 @@
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;近两年全量&quot;,
&quot;官方源 2&quot;,
&quot;官方源 3&quot;,
&quot;生态源 0&quot;,
&quot;研究源 0&quot;
],
@@ -4834,7 +4864,7 @@
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;官方来源&quot;,
&quot;value&quot;: &quot;HAProxy Security Advisories\nNVD HAProxy&quot;
&quot;value&quot;: &quot;HAProxy Security Advisories\nHAProxy Blog Feed\nNVD HAProxy&quot;
},
{
&quot;label&quot;: &quot;生态来源&quot;,
@@ -5076,8 +5106,8 @@
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;历史全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 1&quot;,
&quot;官方源 3&quot;,
&quot;生态源 2&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -5110,11 +5140,11 @@
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;官方来源&quot;,
&quot;value&quot;: &quot;Adobe Security Bulletins\nNVD Adobe Commerce&quot;
&quot;value&quot;: &quot;Adobe Security Bulletins\nAdobe Magento Security Index\nNVD Adobe Commerce&quot;
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;Sansec Research&quot;
&quot;value&quot;: &quot;GHSA Adobe Commerce\nSansec Research&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -5945,15 +5975,15 @@
},
{
&quot;label&quot;: &quot;Advisory 数&quot;,
&quot;value&quot;: &quot;5&quot;
&quot;value&quot;: &quot;0&quot;
},
{
&quot;label&quot;: &quot;状态类型&quot;,
&quot;value&quot;: &quot;1&quot;
&quot;value&quot;: &quot;0&quot;
},
{
&quot;label&quot;: &quot;最近失败&quot;,
&quot;value&quot;: &quot;5&quot;
&quot;value&quot;: &quot;0&quot;
}
],
&quot;items&quot;: [
@@ -5961,23 +5991,7 @@
&quot;title&quot;: &quot;状态分布&quot;,
&quot;summary&quot;: &quot;verification_status 当前计数。&quot;,
&quot;open&quot;: false,
&quot;items&quot;: [
{
&quot;title&quot;: &quot;人工分诊&quot;,
&quot;summary&quot;: &quot;当前累计 5 条。&quot;,
&quot;open&quot;: false,
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;状态编码&quot;,
&quot;value&quot;: &quot;triage-manual&quot;
},
{
&quot;label&quot;: &quot;数量&quot;,
&quot;value&quot;: &quot;5&quot;
}
]
}
]
&quot;items&quot;: []
},
{
&quot;title&quot;: &quot;最近失败&quot;,
@@ -5985,134 +5999,9 @@
&quot;open&quot;: false,
&quot;items&quot;: [
{
&quot;title&quot;: &quot;Next.js: Unbounded postponed resume buffering can lead to DoS&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;nextjs--CVE-2026-27979&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Next.js: Unbounded next/image disk cache growth can exhaust storage&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;nextjs--CVE-2026-27980&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Next.js: HTTP request smuggling in rewrites&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;nextjs--CVE-2026-29057&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Next.js: null origin can bypass Server Actions CSRF checks&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;nextjs--CVE-2026-27978&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Next.js: null origin can bypass dev HMR websocket CSRF checks&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;nextjs--CVE-2026-27977&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
&quot;title&quot;: &quot;暂无失败样本&quot;,
&quot;summary&quot;: &quot;当前 summary.json 中没有 recent_failures&quot;,
&quot;open&quot;: false
}
]
}

2
08-threat-intel/generated/dashboard/docs/coverage-matrix.html
查看文件

@@ -125,7 +125,7 @@
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `5` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-17T16:31:34.160932Z` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |

539
08-threat-intel/generated/dashboard/docs/retired-sources.html 普通文件
查看文件

@@ -0,0 +1,539 @@
<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Retired Sources &amp; Replacement Map</title>
<style>
:root {
--bg: #08111f;
--panel: rgba(9, 18, 32, 0.9);
--border: rgba(137, 171, 214, 0.2);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
}
* { box-sizing: border-box; }
body {
margin: 0;
min-height: 100vh;
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: var(--text);
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
}
main {
max-width: 1080px;
margin: 0 auto;
padding: 32px 20px 40px;
}
.panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 20px;
padding: 24px;
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-bottom: 18px;
}
.chip {
display: inline-flex;
align-items: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
color: var(--text);
background: rgba(255,255,255,0.05);
text-decoration: none;
}
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
h1 {
margin: 0 0 12px;
font-family: "IBM Plex Serif", Georgia, serif;
font-size: clamp(1.8rem, 4vw, 3rem);
line-height: 1.08;
}
.meta {
color: var(--muted);
margin-bottom: 18px;
}
pre {
margin: 0;
padding: 20px;
overflow: auto;
border-radius: 16px;
border: 1px solid rgba(137, 171, 214, 0.12);
background: rgba(2, 8, 22, 0.84);
color: #d6e5f5;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.92rem;
line-height: 1.6;
white-space: pre-wrap;
}
</style>
</head>
<body>
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="/overview/index.html">返回工作台</a>
</div>
<h1>Retired Sources &amp; Replacement Map</h1>
<div class="meta">工作台内置镜像页:退役源、退役原因和 replacement_sources 真值。</div>
<pre>[
{
&quot;system_id&quot;: &quot;adobe-commerce&quot;,
&quot;display_name&quot;: &quot;Adobe Commerce&quot;,
&quot;source_name&quot;: &quot;Adobe Security Bulletins&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.&quot;,
&quot;replacement_sources&quot;: [
&quot;Adobe Magento Security Index&quot;,
&quot;NVD Adobe Commerce&quot;,
&quot;GHSA Adobe Commerce&quot;
],
&quot;url&quot;: &quot;https://helpx.adobe.com/security/products/magento.html&quot;
},
{
&quot;system_id&quot;: &quot;adobe-commerce&quot;,
&quot;display_name&quot;: &quot;Adobe Commerce&quot;,
&quot;source_name&quot;: &quot;GHSA Adobe Commerce&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.&quot;,
&quot;replacement_sources&quot;: [
&quot;Adobe Magento Security Index&quot;,
&quot;NVD Adobe Commerce&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;adobe-commerce&quot;,
&quot;display_name&quot;: &quot;Adobe Commerce&quot;,
&quot;source_name&quot;: &quot;Sansec Research&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;vendor-index&quot;,
&quot;retired_reason&quot;: &quot;Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.&quot;,
&quot;replacement_sources&quot;: [
&quot;GHSA Adobe Commerce&quot;,
&quot;Adobe Magento Security Index&quot;
],
&quot;url&quot;: &quot;https://sansec.io/research&quot;
},
{
&quot;system_id&quot;: &quot;angular&quot;,
&quot;display_name&quot;: &quot;Angular&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Angular&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;astro&quot;,
&quot;display_name&quot;: &quot;Astro&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Astro&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;discourse&quot;,
&quot;display_name&quot;: &quot;Discourse&quot;,
&quot;source_name&quot;: &quot;Discourse Meta Security&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;Meta security category HTML changed and no longer provides stable scrape semantics for health checks.&quot;,
&quot;replacement_sources&quot;: [
&quot;Discourse Release Notes RSS&quot;,
&quot;GitHub Discourse Advisories&quot;
],
&quot;url&quot;: &quot;https://meta.discourse.org/c/bug/security/40&quot;
},
{
&quot;system_id&quot;: &quot;discourse&quot;,
&quot;display_name&quot;: &quot;Discourse&quot;,
&quot;source_name&quot;: &quot;GitHub Discourse Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.&quot;,
&quot;replacement_sources&quot;: [
&quot;Discourse Release Notes RSS&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;django&quot;,
&quot;display_name&quot;: &quot;Django&quot;,
&quot;source_name&quot;: &quot;Django Security RSS&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;rss-feed&quot;,
&quot;retired_reason&quot;: &quot;Official security tag feed became unstable; use official weblog index and release archive instead.&quot;,
&quot;replacement_sources&quot;: [
&quot;Django Security Weblog&quot;,
&quot;Django Security Releases Archive&quot;
],
&quot;url&quot;: &quot;https://www.djangoproject.com/weblog/feeds/tags/security/&quot;
},
{
&quot;system_id&quot;: &quot;drupal&quot;,
&quot;display_name&quot;: &quot;Drupal&quot;,
&quot;source_name&quot;: &quot;Drupal Security Advisories Site&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.&quot;,
&quot;replacement_sources&quot;: [
&quot;Drupal Security Advisories RSS&quot;,
&quot;GHSA Drupal Core&quot;
],
&quot;url&quot;: &quot;https://www.drupal.org/security&quot;
},
{
&quot;system_id&quot;: &quot;drupal&quot;,
&quot;display_name&quot;: &quot;Drupal&quot;,
&quot;source_name&quot;: &quot;GHSA Drupal Core&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.&quot;,
&quot;replacement_sources&quot;: [
&quot;Drupal Security Advisories RSS&quot;,
&quot;NVD Drupal&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;esbuild&quot;,
&quot;display_name&quot;: &quot;esbuild&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV esbuild&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;express&quot;,
&quot;display_name&quot;: &quot;Express&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Express&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;fastify&quot;,
&quot;display_name&quot;: &quot;Fastify&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Fastify&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;flask&quot;,
&quot;display_name&quot;: &quot;Flask&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Flask&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;hapi&quot;,
&quot;display_name&quot;: &quot;Hapi&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Hapi&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;haproxy&quot;,
&quot;display_name&quot;: &quot;HAProxy&quot;,
&quot;source_name&quot;: &quot;HAProxy Security Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;Legacy haproxy.org security page no longer yields stable scrape results for monitoring.&quot;,
&quot;replacement_sources&quot;: [
&quot;HAProxy Blog Feed&quot;
],
&quot;url&quot;: &quot;https://www.haproxy.org/security/&quot;
},
{
&quot;system_id&quot;: &quot;koa&quot;,
&quot;display_name&quot;: &quot;Koa&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Koa&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;laravel&quot;,
&quot;display_name&quot;: &quot;Laravel&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Laravel&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;mattermost&quot;,
&quot;display_name&quot;: &quot;Mattermost&quot;,
&quot;source_name&quot;: &quot;Mattermost Security Updates&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.&quot;,
&quot;replacement_sources&quot;: [
&quot;NVD Mattermost&quot;
],
&quot;url&quot;: &quot;https://mattermost.com/security-updates/&quot;
},
{
&quot;system_id&quot;: &quot;mediawiki&quot;,
&quot;display_name&quot;: &quot;MediaWiki&quot;,
&quot;source_name&quot;: &quot;MediaWiki Security Releases&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.&quot;,
&quot;replacement_sources&quot;: [
&quot;NVD MediaWiki&quot;
],
&quot;url&quot;: &quot;https://www.mediawiki.org/wiki/Security&quot;
},
{
&quot;system_id&quot;: &quot;moodle&quot;,
&quot;display_name&quot;: &quot;Moodle&quot;,
&quot;source_name&quot;: &quot;Moodle Security News&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.&quot;,
&quot;replacement_sources&quot;: [
&quot;NVD Moodle&quot;
],
&quot;url&quot;: &quot;https://moodle.org/security/&quot;
},
{
&quot;system_id&quot;: &quot;nestjs&quot;,
&quot;display_name&quot;: &quot;NestJS&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV NestJS&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;nextjs&quot;,
&quot;display_name&quot;: &quot;Next.js&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.&quot;,
&quot;replacement_sources&quot;: [
&quot;GitHub Next.js Advisories&quot;,
&quot;OSV Next.js&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;nuxt&quot;,
&quot;display_name&quot;: &quot;Nuxt&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.&quot;,
&quot;replacement_sources&quot;: [
&quot;Nuxt Security&quot;,
&quot;OSV Nuxt&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;rails&quot;,
&quot;display_name&quot;: &quot;Ruby on Rails&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Rails&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;react&quot;,
&quot;display_name&quot;: &quot;React&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.&quot;,
&quot;replacement_sources&quot;: [
&quot;GitHub React Advisories&quot;,
&quot;OSV React&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;spring-boot&quot;,
&quot;display_name&quot;: &quot;Spring Boot&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.&quot;,
&quot;replacement_sources&quot;: [
&quot;Spring Security Advisories&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;spring-framework&quot;,
&quot;display_name&quot;: &quot;Spring Framework&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;Spring Security Advisories&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;spring-security&quot;,
&quot;display_name&quot;: &quot;Spring Security&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.&quot;,
&quot;replacement_sources&quot;: [
&quot;Spring Security Advisories&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;sveltekit&quot;,
&quot;display_name&quot;: &quot;SvelteKit&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV SvelteKit&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;symfony&quot;,
&quot;display_name&quot;: &quot;Symfony&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Symfony&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;undici&quot;,
&quot;display_name&quot;: &quot;Undici&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Undici&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;vite&quot;,
&quot;display_name&quot;: &quot;Vite&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.&quot;,
&quot;replacement_sources&quot;: [
&quot;Vite Security&quot;,
&quot;OSV Vite&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;vue&quot;,
&quot;display_name&quot;: &quot;Vue&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.&quot;,
&quot;replacement_sources&quot;: [
&quot;Vue Security&quot;,
&quot;OSV Vue&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;webpack&quot;,
&quot;display_name&quot;: &quot;webpack&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV webpack&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;werkzeug&quot;,
&quot;display_name&quot;: &quot;Werkzeug&quot;,
&quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Werkzeug&quot;
],
&quot;url&quot;: &quot;&quot;
}
]</pre>
</div>
</main>
</body>
</html>

141
08-threat-intel/generated/dashboard/docs/source-catalog-audit.html 普通文件
查看文件

@@ -0,0 +1,141 @@
<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Source Catalog Audit</title>
<style>
:root {
--bg: #08111f;
--panel: rgba(9, 18, 32, 0.9);
--border: rgba(137, 171, 214, 0.2);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
}
* { box-sizing: border-box; }
body {
margin: 0;
min-height: 100vh;
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: var(--text);
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
}
main {
max-width: 1080px;
margin: 0 auto;
padding: 32px 20px 40px;
}
.panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 20px;
padding: 24px;
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-bottom: 18px;
}
.chip {
display: inline-flex;
align-items: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
color: var(--text);
background: rgba(255,255,255,0.05);
text-decoration: none;
}
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
h1 {
margin: 0 0 12px;
font-family: "IBM Plex Serif", Georgia, serif;
font-size: clamp(1.8rem, 4vw, 3rem);
line-height: 1.08;
}
.meta {
color: var(--muted);
margin-bottom: 18px;
}
pre {
margin: 0;
padding: 20px;
overflow: auto;
border-radius: 16px;
border: 1px solid rgba(137, 171, 214, 0.12);
background: rgba(2, 8, 22, 0.84);
color: #d6e5f5;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.92rem;
line-height: 1.6;
white-space: pre-wrap;
}
</style>
</head>
<body>
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="/overview/index.html">返回工作台</a>
</div>
<h1>Source Catalog Audit</h1>
<div class="meta">工作台内置镜像页active/retired source、replacement map 与覆盖摘要。</div>
<pre># Source Catalog Audit
- generated_at: `2026-03-18T17:41:42+00:00`
- systems: `62`
- sources: `146`
- active_sources: `110`
- retired_sources: `36`
- systems_with_active_official: `62/62`
- systems_with_machine_readable_source: `57/62`
## Retired Sources
- `adobe-commerce` `Adobe Security Bulletins` -&gt; replacements: `Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce` | reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
- `adobe-commerce` `GHSA Adobe Commerce` -&gt; replacements: `Adobe Magento Security Index, NVD Adobe Commerce` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
- `adobe-commerce` `Sansec Research` -&gt; replacements: `GHSA Adobe Commerce, Adobe Magento Security Index` | reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
- `angular` `GitHub Global Advisories` -&gt; replacements: `OSV Angular` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
- `astro` `GitHub Global Advisories` -&gt; replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
- `discourse` `Discourse Meta Security` -&gt; replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
- `discourse` `GitHub Discourse Advisories` -&gt; replacements: `Discourse Release Notes RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
- `django` `Django Security RSS` -&gt; replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
- `drupal` `Drupal Security Advisories Site` -&gt; replacements: `Drupal Security Advisories RSS, GHSA Drupal Core` | reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
- `drupal` `GHSA Drupal Core` -&gt; replacements: `Drupal Security Advisories RSS, NVD Drupal` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
- `esbuild` `GitHub Global Advisories` -&gt; replacements: `OSV esbuild` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
- `express` `GitHub Global Advisories` -&gt; replacements: `OSV Express` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
- `fastify` `GitHub Global Advisories` -&gt; replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
- `flask` `GitHub Global Advisories` -&gt; replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
- `hapi` `GitHub Global Advisories` -&gt; replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
- `haproxy` `HAProxy Security Advisories` -&gt; replacements: `HAProxy Blog Feed` | reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
- `koa` `GitHub Global Advisories` -&gt; replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
- `laravel` `GitHub Global Advisories` -&gt; replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
- `mattermost` `Mattermost Security Updates` -&gt; replacements: `NVD Mattermost` | reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
- `mediawiki` `MediaWiki Security Releases` -&gt; replacements: `NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
- `moodle` `Moodle Security News` -&gt; replacements: `NVD Moodle` | reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
- `nestjs` `GitHub Global Advisories` -&gt; replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
- `nextjs` `GitHub Global Advisories` -&gt; replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
- `nuxt` `GitHub Global Advisories` -&gt; replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
- `rails` `GitHub Global Advisories` -&gt; replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
- `react` `GitHub Global Advisories` -&gt; replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
- `spring-boot` `GitHub Global Advisories` -&gt; replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
- `spring-framework` `GitHub Global Advisories` -&gt; replacements: `Spring Security Advisories` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.
- `spring-security` `GitHub Global Advisories` -&gt; replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
- `sveltekit` `GitHub Global Advisories` -&gt; replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
- `symfony` `GitHub Global Advisories` -&gt; replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
- `undici` `GitHub Global Advisories` -&gt; replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
- `vite` `GitHub Global Advisories` -&gt; replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
- `vue` `GitHub Global Advisories` -&gt; replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
- `webpack` `GitHub Global Advisories` -&gt; replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
- `werkzeug` `GitHub Global Advisories` -&gt; replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
</pre>
</div>
</main>
</body>
</html>

177
08-threat-intel/generated/dashboard/docs/source-map.html
查看文件

@@ -174,6 +174,17 @@ systems:
advisory_mode: module
keywords: [drupal, module, sa-contrib]
max_items: 50
status: retired
retired_reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
replacement_sources: [Drupal Security Advisories RSS, GHSA Drupal Core]
- name: GHSA Drupal Core
kind: ghsa-global
ecosystem: composer
confidence: ecosystem-authority
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
replacement_sources: [Drupal Security Advisories RSS, NVD Drupal]
research_sources: []
package_names:
- ecosystem: composer
@@ -325,6 +336,9 @@ systems:
advisory_mode: core
keywords: [mediawiki, security]
max_items: 50
status: retired
retired_reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
replacement_sources: [NVD MediaWiki]
- name: NVD MediaWiki
kind: nvd-search
keyword: MediaWiki
@@ -355,6 +369,9 @@ systems:
advisory_mode: core
keywords: [moodle, security]
max_items: 50
status: retired
retired_reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
replacement_sources: [NVD Moodle]
- name: NVD Moodle
kind: nvd-search
keyword: Moodle
@@ -385,13 +402,24 @@ systems:
advisory_mode: core
keywords: [discourse, security]
max_items: 50
- name: GitHub Discourse Advisories
kind: html-links
url: https://github.com/discourse/discourse/security/advisories
status: retired
retired_reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
replacement_sources: [Discourse Release Notes RSS, GitHub Discourse Advisories]
- name: Discourse Release Notes RSS
kind: rss-feed
url: https://meta.discourse.org/tag/release-notes.rss
confidence: official
advisory_mode: core
keywords: [discourse]
max_items: 50
keywords: [discourse, security, cve]
max_items: 60
- name: GitHub Discourse Advisories
kind: ghsa-global
ecosystem: rubygems
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
replacement_sources: [Discourse Release Notes RSS]
ecosystem_sources: []
research_sources: []
package_names:
@@ -418,6 +446,24 @@ systems:
advisory_mode: core
keywords: [adobe commerce, magento, apsb]
max_items: 60
status: retired
retired_reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
replacement_sources: [Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce]
- name: Adobe Magento Security Index
kind: vendor-index
url: https://helpx.adobe.com/security/products/magento.html
confidence: official
advisory_mode: core
keywords: [adobe commerce, magento, apsb, security]
max_items: 60
request_policy:
user_agent: python-requests/2.31.0
timeout_seconds: 45
verify_tls: false
http_version: &quot;1.1&quot;
parser_hints:
keywords: [adobe commerce, magento, apsb, security]
include_url_patterns: [magento, security, APSB]
- name: NVD Adobe Commerce
kind: nvd-search
keyword: Adobe Commerce
@@ -425,13 +471,24 @@ systems:
advisory_mode: core
results_per_page: 50
ecosystem_sources:
- name: GHSA Adobe Commerce
kind: ghsa-global
ecosystem: composer
confidence: ecosystem-authority
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
replacement_sources: [Adobe Magento Security Index, NVD Adobe Commerce]
- name: Sansec Research
kind: html-links
kind: vendor-index
url: https://sansec.io/research
confidence: ecosystem-authority
advisory_mode: extension
keywords: [magento, adobe commerce]
max_items: 50
status: retired
retired_reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
replacement_sources: [GHSA Adobe Commerce, Adobe Magento Security Index]
research_sources: []
package_names:
- ecosystem: composer
@@ -757,6 +814,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
replacement_sources: [GitHub React Advisories, OSV React]
- name: OSV React
kind: osv-batch
confidence: official
@@ -795,6 +855,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
replacement_sources: [GitHub Next.js Advisories, OSV Next.js]
- name: OSV Next.js
kind: osv-batch
confidence: official
@@ -831,6 +894,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
replacement_sources: [Vue Security, OSV Vue]
- name: OSV Vue
kind: osv-batch
confidence: official
@@ -869,6 +935,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
replacement_sources: [Nuxt Security, OSV Nuxt]
- name: OSV Nuxt
kind: osv-batch
confidence: official
@@ -905,6 +974,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
replacement_sources: [Vite Security, OSV Vite]
- name: OSV Vite
kind: osv-batch
confidence: official
@@ -934,6 +1006,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
replacement_sources: [OSV Angular]
- name: OSV Angular
kind: osv-batch
confidence: official
@@ -965,6 +1040,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
replacement_sources: [OSV SvelteKit]
- name: OSV SvelteKit
kind: osv-batch
confidence: official
@@ -994,6 +1072,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
replacement_sources: [OSV Astro]
- name: OSV Astro
kind: osv-batch
confidence: official
@@ -1023,6 +1104,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
replacement_sources: [OSV Express]
- name: OSV Express
kind: osv-batch
confidence: official
@@ -1052,6 +1136,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
replacement_sources: [OSV NestJS]
- name: OSV NestJS
kind: osv-batch
confidence: official
@@ -1081,6 +1168,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
replacement_sources: [OSV Koa]
- name: OSV Koa
kind: osv-batch
confidence: official
@@ -1110,6 +1200,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
replacement_sources: [OSV Fastify]
- name: OSV Fastify
kind: osv-batch
confidence: official
@@ -1139,6 +1232,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
replacement_sources: [OSV Hapi]
- name: OSV Hapi
kind: osv-batch
confidence: official
@@ -1198,6 +1294,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
replacement_sources: [OSV Undici]
- name: OSV Undici
kind: osv-batch
confidence: official
@@ -1227,6 +1326,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
replacement_sources: [OSV webpack]
- name: OSV webpack
kind: osv-batch
confidence: official
@@ -1256,6 +1358,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
replacement_sources: [OSV esbuild]
- name: OSV esbuild
kind: osv-batch
confidence: official
@@ -1292,6 +1397,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.
replacement_sources: [Spring Security Advisories]
ecosystem_sources: []
research_sources: []
package_names:
@@ -1326,6 +1434,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
replacement_sources: [Spring Security Advisories]
ecosystem_sources: []
research_sources: []
package_names:
@@ -1358,6 +1469,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
replacement_sources: [Spring Security Advisories]
ecosystem_sources: []
research_sources: []
package_names:
@@ -1383,6 +1497,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
replacement_sources: [OSV Laravel]
- name: OSV Laravel
kind: osv-batch
confidence: official
@@ -1412,6 +1529,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
replacement_sources: [OSV Symfony]
- name: OSV Symfony
kind: osv-batch
confidence: official
@@ -1444,6 +1564,29 @@ systems:
advisory_mode: core
keywords: [django]
max_items: 60
status: retired
retired_reason: Official security tag feed became unstable; use official weblog index and release archive instead.
replacement_sources: [Django Security Weblog, Django Security Releases Archive]
- name: Django Security Weblog
kind: vendor-index
url: https://www.djangoproject.com/weblog/
confidence: official
advisory_mode: core
keywords: [django, security, release]
max_items: 60
parser_hints:
keywords: [django, security, release]
include_url_patterns: [/weblog/]
- name: Django Security Releases Archive
kind: vendor-index
url: https://docs.djangoproject.com/en/dev/releases/security/
confidence: official
advisory_mode: core
keywords: [django, security]
max_items: 40
parser_hints:
keywords: [django, security]
include_url_patterns: [/releases/security/]
- name: OSV Django
kind: osv-batch
confidence: official
@@ -1477,6 +1620,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
replacement_sources: [OSV Flask]
ecosystem_sources: []
research_sources: []
package_names:
@@ -1506,6 +1652,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
replacement_sources: [OSV Werkzeug]
ecosystem_sources: []
research_sources: []
package_names:
@@ -1531,6 +1680,9 @@ systems:
name: GitHub Global Advisories
confidence: official
advisory_mode: core
status: retired
retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
replacement_sources: [OSV Rails]
- name: OSV Rails
kind: osv-batch
confidence: official
@@ -1798,6 +1950,16 @@ systems:
advisory_mode: server
keywords: [haproxy, security]
max_items: 50
status: retired
retired_reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
replacement_sources: [HAProxy Blog Feed]
- name: HAProxy Blog Feed
kind: rss-feed
url: https://www.haproxy.com/feed/
confidence: official
advisory_mode: server
keywords: [haproxy, security, cve]
max_items: 40
- name: NVD HAProxy
kind: nvd-search
keyword: HAProxy
@@ -2041,6 +2203,9 @@ systems:
advisory_mode: core
keywords: [mattermost]
max_items: 50
status: retired
retired_reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
replacement_sources: [NVD Mattermost]
- name: NVD Mattermost
kind: nvd-search
keyword: Mattermost

45
08-threat-intel/generated/dashboard/docs/testing-completeness-report.html
查看文件

@@ -88,18 +88,20 @@
<div class="meta">工作台内置镜像页89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
<pre># 全库 Advisory 完整度报告
- 生成时间: `2026-03-18T14:45:55+00:00`
- 最新 advisory 完整度: `0/5` `verified-real`
- 生成时间: `2026-03-18T17:52:49+00:00`
- 最新 advisory 完整度: `0/0` `verified-real`
- 合成验证数量: `0`
- 阻塞数量: `0`
- 人工/待补证据数量: `5`
- 人工/待补证据数量: `0`
- 完整度百分比: `0.0%`
- active source 全绿: `110/110`
- source open alerts: `0`
- 最近一次 source 全绿: `2026-03-18T17:44:31+00:00`
## 系统覆盖矩阵
| 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 |
| --- | ---: | ---: | ---: | ---: | ---: | --- |
| nextjs | 5 | 0 | 0 | 0 | 5 | proxy-boundary(0/4), request-smuggling(0/1) |
## 历史阻塞项修复纪要
@@ -107,39 +109,14 @@
- Family profiles previously used note-only attack runners and dry-run placeholders.
- Baseline and browser steps were skipped when environment readiness was not enforced.
- Latest completeness now uses one advisory -&gt; latest run semantics instead of historical run piles.
- Source health now counts only status=active sources; retired sources are audited separately with replacement links.
## Ingest / Source 健康度
- source failures: `29`
- drupal::Drupal Security Advisories Site::HTTPError
- discourse::Discourse Meta Security::HTTPError
- adobe-commerce::Adobe Security Bulletins::ConnectionError
- react::GitHub Global Advisories::TypeError
- nextjs::GitHub Global Advisories::AttributeError
- vue::GitHub Global Advisories::HTTPError
- nuxt::GitHub Global Advisories::HTTPError
- vite::GitHub Global Advisories::HTTPError
- angular::GitHub Global Advisories::HTTPError
- sveltekit::GitHub Global Advisories::HTTPError
- astro::GitHub Global Advisories::HTTPError
- express::GitHub Global Advisories::HTTPError
- nestjs::GitHub Global Advisories::HTTPError
- koa::GitHub Global Advisories::HTTPError
- fastify::GitHub Global Advisories::HTTPError
- hapi::GitHub Global Advisories::HTTPError
- undici::GitHub Global Advisories::HTTPError
- webpack::GitHub Global Advisories::HTTPError
- esbuild::GitHub Global Advisories::HTTPError
- spring-framework::GitHub Global Advisories::HTTPError
- spring-security::GitHub Global Advisories::HTTPError
- spring-boot::GitHub Global Advisories::HTTPError
- laravel::GitHub Global Advisories::HTTPError
- symfony::GitHub Global Advisories::HTTPError
- django::Django Security RSS::HTTPError
- flask::GitHub Global Advisories::HTTPError
- werkzeug::GitHub Global Advisories::HTTPError
- rails::GitHub Global Advisories::HTTPError
- haproxy::HAProxy Security Advisories::HTTPError
- source failures: `0`
- active sources: `110`
- green sources: `110`
- open alerts: `0`
## 剩余风险说明