更新: 109 个文件 - 2026-03-18 10:55:52

07-framework-security/cms/directus/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/cms/discourse/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 
@@ -25,7 +25,8 @@
 ## 来源
 
 - `official` [Discourse Meta Security](https://meta.discourse.org/c/bug/security/40) (mode=core)
-- `official` [GitHub Discourse Advisories](https://github.com/discourse/discourse/security/advisories) (mode=core)
+- `official` [Discourse Release Notes RSS](https://meta.discourse.org/tag/release-notes.rss) (mode=core)
+- `official` [GitHub Discourse Advisories](https://github.com/advisories) (ecosystem=rubygems; mode=core)
 
 ## 案例列表
 

07-framework-security/cms/drupal/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 
@@ -27,6 +27,7 @@
 - `official` [Drupal Security Advisories RSS](https://www.drupal.org/security/rss.xml) (mode=core)
 - `official` [NVD Drupal](https://nvd.nist.gov/vuln/search) (keyword=Drupal; mode=core)
 - `ecosystem-authority` [Drupal Security Advisories Site](https://www.drupal.org/security) (mode=module)
+- `ecosystem-authority` [GHSA Drupal Core](https://github.com/advisories) (ecosystem=composer; mode=core)
 
 ## 案例列表
 

07-framework-security/cms/ghost/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/cms/joomla/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/cms/mediawiki/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/cms/moodle/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/cms/strapi/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/cms/wordpress/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/ecommerce/adobe-commerce/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 
@@ -25,7 +25,9 @@
 ## 来源
 
 - `official` [Adobe Security Bulletins](https://helpx.adobe.com/security/products/magento.html) (mode=core)
+- `official` [Adobe Magento Security Index](https://helpx.adobe.com/security/products/magento.html) (mode=core)
 - `official` [NVD Adobe Commerce](https://nvd.nist.gov/vuln/search) (keyword=Adobe Commerce; mode=core)
+- `ecosystem-authority` [GHSA Adobe Commerce](https://github.com/advisories) (ecosystem=composer; mode=core)
 - `ecosystem-authority` [Sansec Research](https://sansec.io/research) (mode=extension)
 
 ## 案例列表

07-framework-security/ecommerce/magento-open-source/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/ecommerce/medusa/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/ecommerce/opencart/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/ecommerce/openmage/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/ecommerce/prestashop/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/ecommerce/saleor/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/ecommerce/shopware/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/ecommerce/woocommerce/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/angular/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/aspnet-core/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/astro/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/django/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 
@@ -25,6 +25,8 @@
 ## 来源
 
 - `official` [Django Security RSS](https://www.djangoproject.com/weblog/feeds/tags/security/) (mode=core)
+- `official` [Django Security Weblog](https://www.djangoproject.com/weblog/) (mode=core)
+- `official` [Django Security Releases Archive](https://docs.djangoproject.com/en/dev/releases/security/) (mode=core)
 - `official` [OSV Django](https://osv.dev/) (mode=core)
 
 ## 案例列表

07-framework-security/frameworks/echo/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/esbuild/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/express/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/fastify/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/flask/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/gin/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/hapi/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/koa/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/laravel/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/nestjs/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/nextjs/INDEX.md

@@ -5,14 +5,14 @@
 - 系统 ID: `nextjs`
 - 分类: `frameworks`
 - 覆盖策略: `history-full`
-- 总案例数: `5`
+- 总案例数: `0`
-- 近 30 天新增/更新: `5`
+- 近 30 天新增/更新: `0`
-- 重点 Markdown 案例数: `5`
+- 重点 Markdown 案例数: `0`
 - 已实证(真实版本): `0`
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
-- 待人工/缺浏览器证据: `5`
+- 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 
@@ -32,8 +32,4 @@
 
 | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
 |------|--------|----------|----------|----------|------------|----------|--------|
-| Next.js: HTTP request smuggling in rewrites | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:26.646070Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md) |
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
-| Next.js: Unbounded next/image disk cache growth can exhaust storage | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:33.597080Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md) |
-| Next.js: Unbounded postponed resume buffering can lead to DoS | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:34.160932Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md) |
-| Next.js: null origin can bypass Server Actions CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:43.484729Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md) |
-| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:26.028580Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |

07-framework-security/frameworks/nodejs/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/nuxt/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/rails/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/react/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/spring-boot/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/spring-framework/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/spring-security/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/sveltekit/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/symfony/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/undici/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/vite/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/vue/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/webpack/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/frameworks/werkzeug/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/platforms/adminer/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/platforms/gitea/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/platforms/gitlab-ce/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/platforms/grafana/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/platforms/jenkins/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/platforms/kibana/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/platforms/mattermost/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/platforms/phpmyadmin/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/platforms/redmine/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/servers/apache-httpd/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/servers/apache-tomcat/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/servers/caddy/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/servers/haproxy/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 
@@ -25,6 +25,7 @@
 ## 来源
 
 - `official` [HAProxy Security Advisories](https://www.haproxy.org/security/) (mode=server)
+- `official` [HAProxy Blog Feed](https://www.haproxy.com/feed/) (mode=server)
 - `official` [NVD HAProxy](https://nvd.nist.gov/vuln/search) (keyword=HAProxy; mode=server)
 
 ## 案例列表

07-framework-security/servers/nginx/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

07-framework-security/servers/traefik/INDEX.md

@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T14:45:52+00:00`
+- 最近渲染时间: `2026-03-18T17:52:48+00:00`
 
 ## 目标约束
 

08-threat-intel/generated/alerts.json

@@ -0,0 +1 @@
+[]

08-threat-intel/generated/coverage-matrix.md

@@ -37,7 +37,7 @@
 | Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `5` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-17T16:31:34.160932Z` |
+| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |

08-threat-intel/generated/dashboard/advisories.json

@@ -1,190 +1 @@
-{
+{}
-  "nextjs--CVE-2026-27977": {
-    "canonical_id": "nextjs--CVE-2026-27977",
-    "title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
-    "summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins.  \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.",
-    "display_name": "Next.js",
-    "system_id": "nextjs",
-    "category": "frameworks",
-    "severity": "medium",
-    "cvss_score": 4.0,
-    "exploit_status": "unknown",
-    "published_at": "2026-03-17T15:29:48Z",
-    "updated_at": "2026-03-17T15:46:26.028580Z",
-    "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36",
-    "secondary_source_urls": [
-      "https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a",
-      "https://github.com/vercel/next.js",
-      "https://github.com/vercel/next.js/releases/tag/v16.1.7"
-    ],
-    "aliases": [
-      "CVE-2026-27977",
-      "GHSA-jcc7-9wpm-mj36"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "proxy-trust-boundary",
-      "token-cookie-storage"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "official-source",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
-  "nextjs--CVE-2026-27978": {
-    "canonical_id": "nextjs--CVE-2026-27978",
-    "title": "Next.js: null origin can bypass Server Actions CSRF checks",
-    "summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`.  \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.",
-    "display_name": "Next.js",
-    "system_id": "nextjs",
-    "category": "frameworks",
-    "severity": "medium",
-    "cvss_score": 4.0,
-    "exploit_status": "unknown",
-    "published_at": "2026-03-17T15:30:14Z",
-    "updated_at": "2026-03-17T15:46:43.484729Z",
-    "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx",
-    "secondary_source_urls": [
-      "https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8",
-      "https://github.com/vercel/next.js",
-      "https://github.com/vercel/next.js/releases/tag/v16.1.7"
-    ],
-    "aliases": [
-      "CVE-2026-27978",
-      "GHSA-mq59-m269-xvcx"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "proxy-trust-boundary",
-      "token-cookie-storage"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "official-source",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
-  "nextjs--CVE-2026-27979": {
-    "canonical_id": "nextjs--CVE-2026-27979",
-    "title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
-    "summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded.  \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.",
-    "display_name": "Next.js",
-    "system_id": "nextjs",
-    "category": "frameworks",
-    "severity": "medium",
-    "cvss_score": 4.0,
-    "exploit_status": "unknown",
-    "published_at": "2026-03-17T16:16:49Z",
-    "updated_at": "2026-03-17T16:31:34.160932Z",
-    "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq",
-    "secondary_source_urls": [
-      "https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1",
-      "https://github.com/vercel/next.js",
-      "https://github.com/vercel/next.js/releases/tag/v16.1.7"
-    ],
-    "aliases": [
-      "CVE-2026-27979",
-      "GHSA-h27x-g6w4-24gq"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "proxy-trust-boundary",
-      "token-cookie-storage"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "official-source",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
-  "nextjs--CVE-2026-27980": {
-    "canonical_id": "nextjs--CVE-2026-27980",
-    "title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
-    "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
-    "display_name": "Next.js",
-    "system_id": "nextjs",
-    "category": "frameworks",
-    "severity": "medium",
-    "cvss_score": 4.0,
-    "exploit_status": "unknown",
-    "published_at": "2026-03-17T16:17:06Z",
-    "updated_at": "2026-03-17T16:31:33.597080Z",
-    "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
-    "secondary_source_urls": [
-      "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
-      "https://github.com/vercel/next.js",
-      "https://github.com/vercel/next.js/releases/tag/v16.1.7"
-    ],
-    "aliases": [
-      "CVE-2026-27980",
-      "GHSA-3x4c-7xq6-9pq8"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "proxy-trust-boundary",
-      "token-cookie-storage"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "official-source",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  },
-  "nextjs--CVE-2026-29057": {
-    "canonical_id": "nextjs--CVE-2026-29057",
-    "title": "Next.js: HTTP request smuggling in rewrites",
-    "summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).",
-    "display_name": "Next.js",
-    "system_id": "nextjs",
-    "category": "frameworks",
-    "severity": "medium",
-    "cvss_score": 4.0,
-    "exploit_status": "unknown",
-    "published_at": "2026-03-17T16:17:15Z",
-    "updated_at": "2026-03-17T16:31:26.646070Z",
-    "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8",
-    "secondary_source_urls": [
-      "https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6",
-      "https://github.com/vercel/next.js",
-      "https://github.com/vercel/next.js/releases/tag/v15.5.13",
-      "https://github.com/vercel/next.js/releases/tag/v16.1.7"
-    ],
-    "aliases": [
-      "CVE-2026-29057",
-      "GHSA-ggv3-7p47-pfv8"
-    ],
-    "secure_code_topics": [
-      "authz-server-side-recheck",
-      "proxy-trust-boundary",
-      "token-cookie-storage",
-      "request-smuggling-boundary",
-      "dependency-upgrade-policy"
-    ],
-    "verification_status": "triage-manual",
-    "verification_mode": "synthetic",
-    "artifact_mode": "official-source",
-    "blocked_reason": null,
-    "browser_evidence": {
-      "required": false,
-      "present": false,
-      "refs": []
-    }
-  }
-}

08-threat-intel/generated/dashboard/architecture.json

@@ -1,5 +1,5 @@
 {
-  "generated_at": "2026-03-18T14:45:55+00:00",
+  "generated_at": "2026-03-18T17:52:49+00:00",
   "title": "\u5f53\u524d\u67b6\u6784\u5e93",
   "summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
   "sections": [
@@ -31,7 +31,7 @@
         },
         {
           "label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
-          "value": "5"
+          "value": "0"
         }
       ],
       "fields": [
@@ -49,7 +49,7 @@
         },
         {
           "label": "\u751f\u6210\u65f6\u95f4",
-          "value": "2026-03-18T14:45:55+00:00"
+          "value": "2026-03-18T17:52:49+00:00"
         }
       ],
       "links": [
@@ -268,6 +268,16 @@
               "href": "/docs/source-map.html",
               "description": "\u7cfb\u7edf\u8986\u76d6\u3001\u6765\u6e90\u548c\u8f93\u51fa\u76ee\u5f55\u771f\u503c\u3002"
             },
+            {
+              "label": "source catalog audit",
+              "href": "/docs/source-catalog-audit.html",
+              "description": "active/retired source \u5ba1\u8ba1\u3001\u66ff\u4ee3\u5173\u7cfb\u4e0e\u8986\u76d6\u6458\u8981\u3002"
+            },
+            {
+              "label": "retired sources",
+              "href": "/docs/retired-sources.html",
+              "description": "\u9000\u5f79\u6e90\u3001\u9000\u5f79\u539f\u56e0\u4e0e replacement map\u3002"
+            },
             {
               "label": "repro-map \u771f\u503c",
               "href": "/docs/repro-map.html",
@@ -298,6 +308,21 @@
               "href": "/data/completeness.json",
               "description": "\u6700\u65b0 advisory \u5b8c\u6574\u5ea6\u3001\u7cfb\u7edf/family \u8fdb\u5ea6\u4e0e ingest \u5065\u5eb7\u5ea6\u3002"
             },
+            {
+              "label": "source-health.json",
+              "href": "/data/source-health.json",
+              "description": "active source \u5065\u5eb7\u5ea6\u3001\u7cfb\u7edf\u5206\u5e03\u4e0e\u5931\u8d25\u5206\u7c7b\u3002"
+            },
+            {
+              "label": "alerts.json",
+              "href": "/data/alerts.json",
+              "description": "source \u544a\u8b66\u72b6\u6001\u673a\u3001failure streak \u4e0e resolved \u8bb0\u5f55\u3002"
+            },
+            {
+              "label": "monitor-summary.json",
+              "href": "/data/monitor-summary.json",
+              "description": "\u6bcf\u65e5\u76d1\u63a7\u6458\u8981\u3001open alerts \u4e0e\u6700\u8fd1\u5168\u7eff\u65f6\u95f4\u3002"
+            },
             {
               "label": "runs.json",
               "href": "/runs.json",
@@ -322,6 +347,11 @@
               "label": "architecture.json",
               "href": "/architecture.json",
               "description": "\u5f53\u524d\u67b6\u6784\u5e93\u7ed3\u6784\u5316 JSON\u3002"
+            },
+            {
+              "label": "source-catalog-audit.json",
+              "href": "/data/source-catalog-audit.json",
+              "description": "source catalog \u5ba1\u8ba1\u771f\u503c\u4e0e retired/replacement \u5173\u7cfb\u3002"
             }
           ],
           "fields": [
@@ -484,7 +514,7 @@
               "open": false,
               "badges": [
                 "\u8fd1\u4e24\u5e74\u5168\u91cf",
-                "\u5b98\u65b9\u6e90 2",
+                "\u5b98\u65b9\u6e90 3",
                 "\u751f\u6001\u6e90 0",
                 "\u7814\u7a76\u6e90 0"
               ],
@@ -518,7 +548,7 @@
                   "fields": [
                     {
                       "label": "\u5b98\u65b9\u6765\u6e90",
-                      "value": "Discourse Meta Security\nGitHub Discourse Advisories"
+                      "value": "Discourse Meta Security\nDiscourse Release Notes RSS\nGitHub Discourse Advisories"
                     },
                     {
                       "label": "\u751f\u6001\u6765\u6e90",
@@ -570,7 +600,7 @@
               "badges": [
                 "\u5386\u53f2\u5168\u91cf",
                 "\u5b98\u65b9\u6e90 2",
-                "\u751f\u6001\u6e90 1",
+                "\u751f\u6001\u6e90 2",
                 "\u7814\u7a76\u6e90 0"
               ],
               "fields": [
@@ -607,7 +637,7 @@
                     },
                     {
                       "label": "\u751f\u6001\u6765\u6e90",
-                      "value": "Drupal Security Advisories Site"
+                      "value": "Drupal Security Advisories Site\nGHSA Drupal Core"
                     },
                     {
                       "label": "\u7814\u7a76\u6765\u6e90",
@@ -1440,7 +1470,7 @@
               "open": false,
               "badges": [
                 "\u8fd1\u4e24\u5e74\u5168\u91cf",
-                "\u5b98\u65b9\u6e90 2",
+                "\u5b98\u65b9\u6e90 4",
                 "\u751f\u6001\u6e90 0",
                 "\u7814\u7a76\u6e90 0"
               ],
@@ -1474,7 +1504,7 @@
                   "fields": [
                     {
                       "label": "\u5b98\u65b9\u6765\u6e90",
-                      "value": "Django Security RSS\nOSV Django"
+                      "value": "Django Security RSS\nDjango Security Weblog\nDjango Security Releases Archive\nOSV Django"
                     },
                     {
                       "label": "\u751f\u6001\u6765\u6e90",
@@ -4712,7 +4742,7 @@
               "open": false,
               "badges": [
                 "\u8fd1\u4e24\u5e74\u5168\u91cf",
-                "\u5b98\u65b9\u6e90 2",
+                "\u5b98\u65b9\u6e90 3",
                 "\u751f\u6001\u6e90 0",
                 "\u7814\u7a76\u6e90 0"
               ],
@@ -4746,7 +4776,7 @@
                   "fields": [
                     {
                       "label": "\u5b98\u65b9\u6765\u6e90",
-                      "value": "HAProxy Security Advisories\nNVD HAProxy"
+                      "value": "HAProxy Security Advisories\nHAProxy Blog Feed\nNVD HAProxy"
                     },
                     {
                       "label": "\u751f\u6001\u6765\u6e90",
@@ -4988,8 +5018,8 @@
               "open": false,
               "badges": [
                 "\u5386\u53f2\u5168\u91cf",
-                "\u5b98\u65b9\u6e90 2",
+                "\u5b98\u65b9\u6e90 3",
-                "\u751f\u6001\u6e90 1",
+                "\u751f\u6001\u6e90 2",
                 "\u7814\u7a76\u6e90 0"
               ],
               "fields": [
@@ -5022,11 +5052,11 @@
                   "fields": [
                     {
                       "label": "\u5b98\u65b9\u6765\u6e90",
-                      "value": "Adobe Security Bulletins\nNVD Adobe Commerce"
+                      "value": "Adobe Security Bulletins\nAdobe Magento Security Index\nNVD Adobe Commerce"
                     },
                     {
                       "label": "\u751f\u6001\u6765\u6e90",
-                      "value": "Sansec Research"
+                      "value": "GHSA Adobe Commerce\nSansec Research"
                     },
                     {
                       "label": "\u7814\u7a76\u6765\u6e90",
@@ -5857,15 +5887,15 @@
         },
         {
           "label": "Advisory \u6570",
-          "value": "5"
+          "value": "0"
         },
         {
           "label": "\u72b6\u6001\u7c7b\u578b",
-          "value": "1"
+          "value": "0"
         },
         {
           "label": "\u6700\u8fd1\u5931\u8d25",
-          "value": "5"
+          "value": "0"
         }
       ],
       "items": [
@@ -5873,23 +5903,7 @@
           "title": "\u72b6\u6001\u5206\u5e03",
           "summary": "verification_status \u5f53\u524d\u8ba1\u6570\u3002",
           "open": false,
-          "items": [
+          "items": []
-            {
-              "title": "\u4eba\u5de5\u5206\u8bca",
-              "summary": "\u5f53\u524d\u7d2f\u8ba1 5 \u6761\u3002",
-              "open": false,
-              "fields": [
-                {
-                  "label": "\u72b6\u6001\u7f16\u7801",
-                  "value": "triage-manual"
-                },
-                {
-                  "label": "\u6570\u91cf",
-                  "value": "5"
-                }
-              ]
-            }
-          ]
         },
         {
           "title": "\u6700\u8fd1\u5931\u8d25",
@@ -5897,134 +5911,9 @@
           "open": false,
           "items": [
             {
-              "title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
+              "title": "\u6682\u65e0\u5931\u8d25\u6837\u672c",
-              "summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
+              "summary": "\u5f53\u524d summary.json \u4e2d\u6ca1\u6709 recent_failures\u3002",
-              "open": false,
+              "open": false
-              "badges": [
-                "\u4eba\u5de5\u5206\u8bca"
-              ],
-              "fields": [
-                {
-                  "label": "\u8fd0\u884c ID",
-                  "value": "-"
-                },
-                {
-                  "label": "\u6f0f\u6d1e\u6761\u76ee",
-                  "value": "nextjs--CVE-2026-27979"
-                },
-                {
-                  "label": "\u72b6\u6001",
-                  "value": "\u4eba\u5de5\u5206\u8bca"
-                },
-                {
-                  "label": "\u963b\u585e\u539f\u56e0",
-                  "value": "-"
-                }
-              ]
-            },
-            {
-              "title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
-              "summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
-              "open": false,
-              "badges": [
-                "\u4eba\u5de5\u5206\u8bca"
-              ],
-              "fields": [
-                {
-                  "label": "\u8fd0\u884c ID",
-                  "value": "-"
-                },
-                {
-                  "label": "\u6f0f\u6d1e\u6761\u76ee",
-                  "value": "nextjs--CVE-2026-27980"
-                },
-                {
-                  "label": "\u72b6\u6001",
-                  "value": "\u4eba\u5de5\u5206\u8bca"
-                },
-                {
-                  "label": "\u963b\u585e\u539f\u56e0",
-                  "value": "-"
-                }
-              ]
-            },
-            {
-              "title": "Next.js: HTTP request smuggling in rewrites",
-              "summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
-              "open": false,
-              "badges": [
-                "\u4eba\u5de5\u5206\u8bca"
-              ],
-              "fields": [
-                {
-                  "label": "\u8fd0\u884c ID",
-                  "value": "-"
-                },
-                {
-                  "label": "\u6f0f\u6d1e\u6761\u76ee",
-                  "value": "nextjs--CVE-2026-29057"
-                },
-                {
-                  "label": "\u72b6\u6001",
-                  "value": "\u4eba\u5de5\u5206\u8bca"
-                },
-                {
-                  "label": "\u963b\u585e\u539f\u56e0",
-                  "value": "-"
-                }
-              ]
-            },
-            {
-              "title": "Next.js: null origin can bypass Server Actions CSRF checks",
-              "summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
-              "open": false,
-              "badges": [
-                "\u4eba\u5de5\u5206\u8bca"
-              ],
-              "fields": [
-                {
-                  "label": "\u8fd0\u884c ID",
-                  "value": "-"
-                },
-                {
-                  "label": "\u6f0f\u6d1e\u6761\u76ee",
-                  "value": "nextjs--CVE-2026-27978"
-                },
-                {
-                  "label": "\u72b6\u6001",
-                  "value": "\u4eba\u5de5\u5206\u8bca"
-                },
-                {
-                  "label": "\u963b\u585e\u539f\u56e0",
-                  "value": "-"
-                }
-              ]
-            },
-            {
-              "title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
-              "summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
-              "open": false,
-              "badges": [
-                "\u4eba\u5de5\u5206\u8bca"
-              ],
-              "fields": [
-                {
-                  "label": "\u8fd0\u884c ID",
-                  "value": "-"
-                },
-                {
-                  "label": "\u6f0f\u6d1e\u6761\u76ee",
-                  "value": "nextjs--CVE-2026-27977"
-                },
-                {
-                  "label": "\u72b6\u6001",
-                  "value": "\u4eba\u5de5\u5206\u8bca"
-                },
-                {
-                  "label": "\u963b\u585e\u539f\u56e0",
-                  "value": "-"
-                }
-              ]
             }
           ]
         }

08-threat-intel/generated/dashboard/assets/app.js

@@ -43,6 +43,8 @@ const DOC_HUB_ITEMS = [
   { title: "仓库入口镜像", href: "/docs/root-readme.html", description: "根 README 的本地镜像，包含能力矩阵与主入口。", badge: "readme" },
   { title: "授权模型", href: "/docs/authorization-model.html", description: "目标范围、授权模型、最小化验证建议和记录要求。", badge: "scope" },
   { title: "source-map 镜像", href: "/docs/source-map.html", description: "系统覆盖、来源、输出目录和 secure-code 主题真值。", badge: "source-map" },
+  { title: "source catalog audit", href: "/docs/source-catalog-audit.html", description: "active/retired source、replacement map 与覆盖摘要。", badge: "audit" },
+  { title: "retired sources", href: "/docs/retired-sources.html", description: "退役源、退役原因和 replacement_sources 真值。", badge: "retired" },
   { title: "repro-map 镜像", href: "/docs/repro-map.html", description: "默认漏洞家族、浏览器要求和日志策略真值。", badge: "repro-map" },
   { title: "覆盖矩阵镜像", href: "/docs/coverage-matrix.html", description: "当前全库覆盖矩阵的本地镜像。", badge: "coverage" },
   { title: "安全编码索引", href: "/docs/secure-code-index.html", description: "secure-code 修复主题索引镜像。", badge: "secure-code" },
@@ -52,6 +54,10 @@ const DOC_HUB_ITEMS = [
 const DATA_HUB_ITEMS = [
   { title: "summary.json", href: "/summary.json", description: "全局摘要、状态分布、最近失败与系统汇总。", badge: "json" },
   { title: "completeness.json", href: "/data/completeness.json", description: "最新 advisory 完整度、系统/family 进度与 ingest 健康度。", badge: "json" },
+  { title: "source-health.json", href: "/data/source-health.json", description: "active source 健康度、失败分类与系统分布。", badge: "json" },
+  { title: "alerts.json", href: "/data/alerts.json", description: "source 告警状态机、failure streak 与 resolved 记录。", badge: "json" },
+  { title: "monitor-summary.json", href: "/data/monitor-summary.json", description: "每日监控摘要、open alerts 与最近全绿时间。", badge: "json" },
+  { title: "source-catalog-audit.json", href: "/data/source-catalog-audit.json", description: "source catalog 审计真值与 retired/replacement 关系。", badge: "json" },
   { title: "runs.json", href: "/runs.json", description: "最近运行的结构化详情，可用于 UI 和调试。", badge: "json" },
   { title: "systems.json", href: "/systems.json", description: "系统级覆盖、分类、更新时间和浏览器证据统计。", badge: "json" },
   { title: "advisories.json", href: "/advisories.json", description: "漏洞条目元数据、来源和 secure-code 主题。", badge: "json" },
@@ -87,6 +93,9 @@ const state = {
   profiles: {},
   architecture: null,
   completeness: null,
+  sourceHealth: null,
+  alerts: [],
+  monitorSummary: null,
   selectedRunId: null,
   selectedArtifact: null,
   refreshHandle: null,
@@ -279,38 +288,41 @@ function familyOptions() {
 
 function metricCards() {
   const completeness = state.completeness || state.summary?.completeness || {};
-  const successCount = Number(completeness.verified_real || 0) + Number(completeness.verified_synthetic || 0);
+  const monitoring = state.monitorSummary || state.summary?.monitoring || {};
-  const blockedCount = Number(completeness.blocked || 0);
-  const inProgressCount = Number(completeness.manual || 0);
   const advisoryTotal = Number(completeness.advisory_total || state.summary?.advisory_count || 0);
+  const advisorySuccess = Number(completeness.verified_real || 0);
+  const activeSources = Number(monitoring.active_source_count || state.sourceHealth?.active_source_count || 0);
+  const greenSources = Number(monitoring.green_source_count || state.sourceHealth?.green_source_count || 0);
+  const openAlerts = Number(monitoring.open_alert_count || state.sourceHealth?.open_alert_count || 0);
+  const lastFullyGreen = monitoring.last_fully_green_run || state.sourceHealth?.last_fully_green_run || "";
 
   return [
     {
-      label: "最新 advisory",
+      label: "advisory 完整度",
-      value: advisoryTotal,
+      value: `${advisorySuccess}/${advisoryTotal}`,
       note: `历史运行 ${state.summary?.run_count || 0} 次`,
-      color: "var(--accent-purple)",
+      color: "var(--accent-green)",
       iconName: "report"
     },
     {
-      label: "实证成功",
+      label: "active sources",
-      value: successCount,
+      value: activeSources,
-      note: "真实版本 + 合成靶场",
+      note: `green ${greenSources}`,
-      color: "var(--accent-green)",
+      color: "var(--accent-blue)",
       iconName: "shield"
     },
     {
-      label: "当前阻塞",
+      label: "open alerts",
-      value: blockedCount,
+      value: openAlerts,
-      note: "latest advisory 状态里的 blocked-*",
+      note: "source-health 告警状态机",
       color: "var(--accent-red)",
       iconName: "failure"
     },
     {
-      label: "待处理 / 进行中",
+      label: "最近全绿",
-      value: inProgressCount,
+      value: lastFullyGreen ? formatDateTime(lastFullyGreen) : "-",
-      note: "人工分诊或待补证据的 latest advisory",
+      note: "active source 集合最近一次全绿",
-      color: "var(--accent-blue)",
+      color: "var(--accent-purple)",
       iconName: "timeline"
     }
   ];
@@ -762,6 +774,7 @@ function renderPanel(panelKey, title, meta, iconName, content) {
 
 function renderCompletenessPanel(panelKey, compact = false) {
   const completeness = state.completeness || state.summary?.completeness || {};
+  const sourceHealth = state.sourceHealth || completeness.source_health || {};
   const systems = (state.completeness?.systems || []).map((system) => `
     <article class="plan-card">
       <span class="plan-label">${escapeHtml(system.system_id)}</span>
@@ -795,12 +808,21 @@ function renderCompletenessPanel(panelKey, compact = false) {
           <strong>ingest failures</strong>
           <span>${escapeHtml(state.completeness?.ingest_health?.failure_count || 0)}</span>
         </article>
+        <article class="detail-stat">
+          <strong>active sources</strong>
+          <span>${escapeHtml(sourceHealth.active_source_count || 0)}</span>
+        </article>
+        <article class="detail-stat">
+          <strong>open alerts</strong>
+          <span>${escapeHtml(sourceHealth.open_alert_count || 0)}</span>
+        </article>
       </div>
       <div class="plan-grid" style="margin-top:16px;">${systems || `<div class="empty-state">暂无系统完整度数据。</div>`}</div>
       ${compact ? "" : `
         <div class="detail-actions" style="margin-top:16px;">
           <a class="button button-secondary" href="/docs/testing-completeness-report.html" target="_blank" rel="noreferrer">${icon("docs")}<span>打开中文报告</span></a>
           <a class="button button-secondary" href="/data/completeness.json" target="_blank" rel="noreferrer">${icon("json")}<span>打开 completeness.json</span></a>
+          <a class="button button-secondary" href="/data/source-health.json" target="_blank" rel="noreferrer">${icon("json")}<span>打开 source-health.json</span></a>
         </div>
         ${failures.length ? `<div class="callout" style="margin-top:16px;"><strong>Ingest 未清零</strong><div class="plan-copy">${escapeHtml(failures.join(" | "))}</div></div>` : ""}
       `}
@@ -808,6 +830,66 @@ function renderCompletenessPanel(panelKey, compact = false) {
   );
 }
 
+function renderSourceHealthPanel(panelKey, compact = false) {
+  const sourceHealth = state.sourceHealth || {};
+  const alerts = state.alerts || [];
+  const failures = (sourceHealth.failures || []).slice(0, 6);
+  const openAlertItems = alerts.filter((item) => item.status === "open");
+  const openAlerts = openAlertItems.slice(0, 6);
+  const failureCards = failures.length
+    ? failures.map((item) => `
+      <article class="plan-card">
+        <span class="plan-label">${escapeHtml(item.system_id || "-")} · ${escapeHtml(item.source_name || "-")}</span>
+        <div class="plan-copy">${escapeHtml(item.category || "unknown")} · ${escapeHtml(item.message || item.summary || "-")}</div>
+      </article>
+    `).join("")
+    : `<div class="empty-state">当前 active source 集合全绿。</div>`;
+  const alertCards = openAlerts.length
+    ? openAlerts.map((item) => `
+      <article class="plan-card">
+        <span class="plan-label">${escapeHtml(item.system_id || "-")} · ${escapeHtml(item.source_name || "-")}</span>
+        <div class="plan-copy">streak ${escapeHtml(item.failure_streak || 0)} · ${escapeHtml(item.last_category || "-")}</div>
+      </article>
+    `).join("")
+    : `<div class="empty-state">当前没有 open alert。</div>`;
+  return renderPanel(
+    panelKey,
+    "Source Health 与告警",
+    `${escapeHtml(sourceHealth.green_source_count || 0)}/${escapeHtml(sourceHealth.active_source_count || 0)}`,
+    "shield",
+    `
+      <div class="detail-stat-grid">
+        <article class="detail-stat">
+          <strong>green</strong>
+          <span>${escapeHtml(sourceHealth.green_source_count || 0)}</span>
+        </article>
+        <article class="detail-stat">
+          <strong>failures</strong>
+          <span>${escapeHtml(sourceHealth.failure_count || 0)}</span>
+        </article>
+        <article class="detail-stat">
+          <strong>open alerts</strong>
+          <span>${escapeHtml(openAlertItems.length)}</span>
+        </article>
+        <article class="detail-stat">
+          <strong>last fully green</strong>
+          <span>${escapeHtml(sourceHealth.last_fully_green_run ? formatDateTime(sourceHealth.last_fully_green_run) : "-")}</span>
+        </article>
+      </div>
+      ${compact ? "" : `
+        <div class="detail-actions" style="margin-top:16px;">
+          <a class="button button-secondary" href="/data/source-health.json" target="_blank" rel="noreferrer">${icon("json")}<span>source-health.json</span></a>
+          <a class="button button-secondary" href="/data/alerts.json" target="_blank" rel="noreferrer">${icon("json")}<span>alerts.json</span></a>
+          <a class="button button-secondary" href="/data/monitor-summary.json" target="_blank" rel="noreferrer">${icon("json")}<span>monitor-summary.json</span></a>
+          <a class="button button-secondary" href="/docs/source-catalog-audit.html" target="_blank" rel="noreferrer">${icon("docs")}<span>source catalog audit</span></a>
+        </div>
+      `}
+      <div class="plan-grid" style="margin-top:16px;">${failureCards}</div>
+      <div class="plan-grid" style="margin-top:16px;">${alertCards}</div>
+    `
+  );
+}
+
 function renderArchitectureFields(fields = []) {
   if (!fields.length) return "";
   return `
@@ -1185,6 +1267,7 @@ function renderOverviewWorkspace() {
         <div class="detail-subtitle">根入口保留为概览页，同时新增运行、系统、架构、文档和数据的独立 URL。顶部菜单负责分类切换，搜索与筛选会同步到地址栏。</div>
       </section>
       ${renderCompletenessPanel("overview_completeness")}
+      ${renderSourceHealthPanel("overview_source_health")}
       ${renderPanel("overview_runs", "最新运行", `${escapeHtml(runs.length)} 条`, "queue", renderRunList(runs, "暂无运行数据。"))}
       ${renderPanel("overview_systems", "系统覆盖概览", `${escapeHtml(systems.length)} 个系统`, "systems", `<div class="system-grid">${renderSystemCards(systems)}</div>`)}
       ${renderArchitecturePanel()}
@@ -1251,6 +1334,7 @@ function renderDocsWorkspace() {
         <div class="detail-subtitle">不再把所有入口混在首页链接堆里。这里按说明、设计、真值镜像和 secure-code 索引集中展示。</div>
       </section>
       ${renderCompletenessPanel("docs_completeness", true)}
+      ${renderSourceHealthPanel("docs_source_health", true)}
       ${renderPanel("docs_hub", "文档与镜像页", `${escapeHtml(DOC_HUB_ITEMS.length)} 个入口`, "docs", renderHubCards(DOC_HUB_ITEMS))}
     </div>
   `;
@@ -1272,6 +1356,7 @@ function renderDataWorkspace() {
         <div class="detail-subtitle">summary、runs、systems、advisories、profiles、architecture 已单独归入数据中心，避免和文档、运行详情混在一个地址里。</div>
       </section>
       ${renderCompletenessPanel("data_completeness", true)}
+      ${renderSourceHealthPanel("data_source_health")}
       ${renderPanel("data_hub", "JSON 与生成数据", `${escapeHtml(DATA_HUB_ITEMS.length)} 个入口`, "json", renderHubCards(DATA_HUB_ITEMS))}
     </div>
   `;
@@ -1473,14 +1558,17 @@ async function loadData(preserveSelection = true) {
   renderSyncState("loading", "刷新中", `本地时间 ${new Date().toLocaleTimeString("zh-CN", { hour12: false })}`);
 
   try {
-    const [summary, runs, systems, advisories, profiles, architecture, completeness] = await Promise.all([
+    const [summary, runs, systems, advisories, profiles, architecture, completeness, sourceHealth, alerts, monitorSummary] = await Promise.all([
       fetchJson("/summary.json"),
       fetchJson("/runs.json"),
       fetchJson("/systems.json"),
       fetchJson("/advisories.json"),
       fetchJson("/profiles.json"),
       fetchJson("/architecture.json"),
-      fetchJson("/data/completeness.json")
+      fetchJson("/data/completeness.json"),
+      fetchJson("/data/source-health.json"),
+      fetchJson("/data/alerts.json"),
+      fetchJson("/data/monitor-summary.json")
     ]);
 
     state.summary = summary;
@@ -1490,6 +1578,9 @@ async function loadData(preserveSelection = true) {
     state.profiles = profiles;
     state.architecture = architecture;
     state.completeness = completeness;
+    state.sourceHealth = sourceHealth;
+    state.alerts = alerts;
+    state.monitorSummary = monitorSummary;
 
     const filtered = filteredRuns();
     const candidate = preserveSelection ? (state.selectedRunId || previousRunId) : state.selectedRunId;

08-threat-intel/generated/dashboard/data/alerts.json

@@ -0,0 +1 @@
+[]

08-threat-intel/generated/dashboard/data/completeness.json

@@ -1,9 +1,7 @@
 {
-  "generated_at": "2026-03-18T14:45:55+00:00",
+  "generated_at": "2026-03-18T17:52:49+00:00",
-  "advisory_total": 5,
+  "advisory_total": 0,
-  "latest_statuses": {
+  "latest_statuses": {},
-    "triage-manual": 5
-  },
   "historical_statuses": {
     "verified-real": 136,
     "blocked-artifact": 3,
@@ -12,76 +10,52 @@
   "verified_real": 0,
   "verified_synthetic": 0,
   "blocked": 0,
-  "manual": 5,
+  "manual": 0,
   "verified_ratio": 0.0,
   "complete": false,
-  "systems": [
+  "systems": [],
-    {
-      "system_id": "nextjs",
-      "display_name": "Next.js",
-      "total": 5,
-      "verified_real": 0,
-      "verified_synthetic": 0,
-      "blocked": 0,
-      "manual": 5,
-      "families": [
-        {
-          "family": "proxy-boundary",
-          "total": 4,
-          "verified_real": 0,
-          "verified_synthetic": 0,
-          "blocked": 0,
-          "manual": 4
-        },
-        {
-          "family": "request-smuggling",
-          "total": 1,
-          "verified_real": 0,
-          "verified_synthetic": 0,
-          "blocked": 0,
-          "manual": 1
-        }
-      ]
-    }
-  ],
   "ingest_health": {
-    "failure_count": 29,
+    "failure_count": 0,
-    "failures": [
+    "failures": []
-      "drupal::Drupal Security Advisories Site::HTTPError",
+  },
-      "discourse::Discourse Meta Security::HTTPError",
+  "source_health": {
-      "adobe-commerce::Adobe Security Bulletins::ConnectionError",
+    "active_source_count": 110,
-      "react::GitHub Global Advisories::TypeError",
+    "green_source_count": 110,
-      "nextjs::GitHub Global Advisories::AttributeError",
+    "failure_count": 0,
-      "vue::GitHub Global Advisories::HTTPError",
+    "last_fully_green_run": "2026-03-18T17:44:31+00:00",
-      "nuxt::GitHub Global Advisories::HTTPError",
+    "open_alert_count": 0,
-      "vite::GitHub Global Advisories::HTTPError",
+    "resolved_alert_count": 0
-      "angular::GitHub Global Advisories::HTTPError",
+  },
-      "sveltekit::GitHub Global Advisories::HTTPError",
+  "monitor_summary": {
-      "astro::GitHub Global Advisories::HTTPError",
+    "generated_at": "2026-03-18T17:44:31+00:00",
-      "express::GitHub Global Advisories::HTTPError",
+    "active_source_count": 110,
-      "nestjs::GitHub Global Advisories::HTTPError",
+    "green_source_count": 110,
-      "koa::GitHub Global Advisories::HTTPError",
+    "source_failure_count": 0,
-      "fastify::GitHub Global Advisories::HTTPError",
+    "open_alert_count": 0,
-      "hapi::GitHub Global Advisories::HTTPError",
+    "resolved_alert_count": 0,
-      "undici::GitHub Global Advisories::HTTPError",
+    "last_fully_green_run": "2026-03-18T17:44:31+00:00",
-      "webpack::GitHub Global Advisories::HTTPError",
+    "source_catalog": {
-      "esbuild::GitHub Global Advisories::HTTPError",
+      "system_count": 62,
-      "spring-framework::GitHub Global Advisories::HTTPError",
+      "source_count": 146,
-      "spring-security::GitHub Global Advisories::HTTPError",
+      "retired_source_count": 36
-      "spring-boot::GitHub Global Advisories::HTTPError",
+    },
-      "laravel::GitHub Global Advisories::HTTPError",
+    "ingest": {
-      "symfony::GitHub Global Advisories::HTTPError",
+      "new_count": 0,
-      "django::Django Security RSS::HTTPError",
+      "updated_count": 0,
-      "flask::GitHub Global Advisories::HTTPError",
+      "failure_count": 0,
-      "werkzeug::GitHub Global Advisories::HTTPError",
+      "systems_touched": []
-      "rails::GitHub Global Advisories::HTTPError",
+    },
-      "haproxy::HAProxy Security Advisories::HTTPError"
+    "validation": {
-    ]
+      "passed": true,
+      "error_count": 0,
+      "errors": []
+    }
   },
   "historical_blockers": [
     "Docker daemon unavailable caused provision-compose-environment blocked-artifact.",
     "Family profiles previously used note-only attack runners and dry-run placeholders.",
     "Baseline and browser steps were skipped when environment readiness was not enforced.",
-    "Latest completeness now uses one advisory -> latest run semantics instead of historical run piles."
+    "Latest completeness now uses one advisory -> latest run semantics instead of historical run piles.",
+    "Source health now counts only status=active sources; retired sources are audited separately with replacement links."
   ]
 }

08-threat-intel/generated/dashboard/data/monitor-summary.json

@@ -0,0 +1,25 @@
+{
+  "generated_at": "2026-03-18T17:44:31+00:00",
+  "active_source_count": 110,
+  "green_source_count": 110,
+  "source_failure_count": 0,
+  "open_alert_count": 0,
+  "resolved_alert_count": 0,
+  "last_fully_green_run": "2026-03-18T17:44:31+00:00",
+  "source_catalog": {
+    "system_count": 62,
+    "source_count": 146,
+    "retired_source_count": 36
+  },
+  "ingest": {
+    "new_count": 0,
+    "updated_count": 0,
+    "failure_count": 0,
+    "systems_touched": []
+  },
+  "validation": {
+    "passed": true,
+    "error_count": 0,
+    "errors": []
+  }
+}

08-threat-intel/generated/dashboard/docs/architecture-library.html

@@ -87,7 +87,7 @@
       <h1>当前架构库镜像</h1>
       <div class="meta">工作台内置镜像页：当前架构库结构化数据镜像。</div>
       <pre>{
-  &quot;generated_at&quot;: &quot;2026-03-18T14:45:55+00:00&quot;,
+  &quot;generated_at&quot;: &quot;2026-03-18T17:52:49+00:00&quot;,
   &quot;title&quot;: &quot;当前架构库&quot;,
   &quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;,
   &quot;sections&quot;: [
@@ -119,7 +119,7 @@
         },
         {
           &quot;label&quot;: &quot;当前漏洞条目&quot;,
-          &quot;value&quot;: &quot;5&quot;
+          &quot;value&quot;: &quot;0&quot;
         }
       ],
       &quot;fields&quot;: [
@@ -137,7 +137,7 @@
         },
         {
           &quot;label&quot;: &quot;生成时间&quot;,
-          &quot;value&quot;: &quot;2026-03-18T14:45:55+00:00&quot;
+          &quot;value&quot;: &quot;2026-03-18T17:52:49+00:00&quot;
         }
       ],
       &quot;links&quot;: [
@@ -356,6 +356,16 @@
               &quot;href&quot;: &quot;/docs/source-map.html&quot;,
               &quot;description&quot;: &quot;系统覆盖、来源和输出目录真值。&quot;
             },
+            {
+              &quot;label&quot;: &quot;source catalog audit&quot;,
+              &quot;href&quot;: &quot;/docs/source-catalog-audit.html&quot;,
+              &quot;description&quot;: &quot;active/retired source 审计、替代关系与覆盖摘要。&quot;
+            },
+            {
+              &quot;label&quot;: &quot;retired sources&quot;,
+              &quot;href&quot;: &quot;/docs/retired-sources.html&quot;,
+              &quot;description&quot;: &quot;退役源、退役原因与 replacement map。&quot;
+            },
             {
               &quot;label&quot;: &quot;repro-map 真值&quot;,
               &quot;href&quot;: &quot;/docs/repro-map.html&quot;,
@@ -386,6 +396,21 @@
               &quot;href&quot;: &quot;/data/completeness.json&quot;,
               &quot;description&quot;: &quot;最新 advisory 完整度、系统/family 进度与 ingest 健康度。&quot;
             },
+            {
+              &quot;label&quot;: &quot;source-health.json&quot;,
+              &quot;href&quot;: &quot;/data/source-health.json&quot;,
+              &quot;description&quot;: &quot;active source 健康度、系统分布与失败分类。&quot;
+            },
+            {
+              &quot;label&quot;: &quot;alerts.json&quot;,
+              &quot;href&quot;: &quot;/data/alerts.json&quot;,
+              &quot;description&quot;: &quot;source 告警状态机、failure streak 与 resolved 记录。&quot;
+            },
+            {
+              &quot;label&quot;: &quot;monitor-summary.json&quot;,
+              &quot;href&quot;: &quot;/data/monitor-summary.json&quot;,
+              &quot;description&quot;: &quot;每日监控摘要、open alerts 与最近全绿时间。&quot;
+            },
             {
               &quot;label&quot;: &quot;runs.json&quot;,
               &quot;href&quot;: &quot;/runs.json&quot;,
@@ -410,6 +435,11 @@
               &quot;label&quot;: &quot;architecture.json&quot;,
               &quot;href&quot;: &quot;/architecture.json&quot;,
               &quot;description&quot;: &quot;当前架构库结构化 JSON。&quot;
+            },
+            {
+              &quot;label&quot;: &quot;source-catalog-audit.json&quot;,
+              &quot;href&quot;: &quot;/data/source-catalog-audit.json&quot;,
+              &quot;description&quot;: &quot;source catalog 审计真值与 retired/replacement 关系。&quot;
             }
           ],
           &quot;fields&quot;: [
@@ -572,7 +602,7 @@
               &quot;open&quot;: false,
               &quot;badges&quot;: [
                 &quot;近两年全量&quot;,
-                &quot;官方源 2&quot;,
+                &quot;官方源 3&quot;,
                 &quot;生态源 0&quot;,
                 &quot;研究源 0&quot;
               ],
@@ -606,7 +636,7 @@
                   &quot;fields&quot;: [
                     {
                       &quot;label&quot;: &quot;官方来源&quot;,
-                      &quot;value&quot;: &quot;Discourse Meta Security\nGitHub Discourse Advisories&quot;
+                      &quot;value&quot;: &quot;Discourse Meta Security\nDiscourse Release Notes RSS\nGitHub Discourse Advisories&quot;
                     },
                     {
                       &quot;label&quot;: &quot;生态来源&quot;,
@@ -658,7 +688,7 @@
               &quot;badges&quot;: [
                 &quot;历史全量&quot;,
                 &quot;官方源 2&quot;,
-                &quot;生态源 1&quot;,
+                &quot;生态源 2&quot;,
                 &quot;研究源 0&quot;
               ],
               &quot;fields&quot;: [
@@ -695,7 +725,7 @@
                     },
                     {
                       &quot;label&quot;: &quot;生态来源&quot;,
-                      &quot;value&quot;: &quot;Drupal Security Advisories Site&quot;
+                      &quot;value&quot;: &quot;Drupal Security Advisories Site\nGHSA Drupal Core&quot;
                     },
                     {
                       &quot;label&quot;: &quot;研究来源&quot;,
@@ -1528,7 +1558,7 @@
               &quot;open&quot;: false,
               &quot;badges&quot;: [
                 &quot;近两年全量&quot;,
-                &quot;官方源 2&quot;,
+                &quot;官方源 4&quot;,
                 &quot;生态源 0&quot;,
                 &quot;研究源 0&quot;
               ],
@@ -1562,7 +1592,7 @@
                   &quot;fields&quot;: [
                     {
                       &quot;label&quot;: &quot;官方来源&quot;,
-                      &quot;value&quot;: &quot;Django Security RSS\nOSV Django&quot;
+                      &quot;value&quot;: &quot;Django Security RSS\nDjango Security Weblog\nDjango Security Releases Archive\nOSV Django&quot;
                     },
                     {
                       &quot;label&quot;: &quot;生态来源&quot;,
@@ -4800,7 +4830,7 @@
               &quot;open&quot;: false,
               &quot;badges&quot;: [
                 &quot;近两年全量&quot;,
-                &quot;官方源 2&quot;,
+                &quot;官方源 3&quot;,
                 &quot;生态源 0&quot;,
                 &quot;研究源 0&quot;
               ],
@@ -4834,7 +4864,7 @@
                   &quot;fields&quot;: [
                     {
                       &quot;label&quot;: &quot;官方来源&quot;,
-                      &quot;value&quot;: &quot;HAProxy Security Advisories\nNVD HAProxy&quot;
+                      &quot;value&quot;: &quot;HAProxy Security Advisories\nHAProxy Blog Feed\nNVD HAProxy&quot;
                     },
                     {
                       &quot;label&quot;: &quot;生态来源&quot;,
@@ -5076,8 +5106,8 @@
               &quot;open&quot;: false,
               &quot;badges&quot;: [
                 &quot;历史全量&quot;,
-                &quot;官方源 2&quot;,
+                &quot;官方源 3&quot;,
-                &quot;生态源 1&quot;,
+                &quot;生态源 2&quot;,
                 &quot;研究源 0&quot;
               ],
               &quot;fields&quot;: [
@@ -5110,11 +5140,11 @@
                   &quot;fields&quot;: [
                     {
                       &quot;label&quot;: &quot;官方来源&quot;,
-                      &quot;value&quot;: &quot;Adobe Security Bulletins\nNVD Adobe Commerce&quot;
+                      &quot;value&quot;: &quot;Adobe Security Bulletins\nAdobe Magento Security Index\nNVD Adobe Commerce&quot;
                     },
                     {
                       &quot;label&quot;: &quot;生态来源&quot;,
-                      &quot;value&quot;: &quot;Sansec Research&quot;
+                      &quot;value&quot;: &quot;GHSA Adobe Commerce\nSansec Research&quot;
                     },
                     {
                       &quot;label&quot;: &quot;研究来源&quot;,
@@ -5945,15 +5975,15 @@
         },
         {
           &quot;label&quot;: &quot;Advisory 数&quot;,
-          &quot;value&quot;: &quot;5&quot;
+          &quot;value&quot;: &quot;0&quot;
         },
         {
           &quot;label&quot;: &quot;状态类型&quot;,
-          &quot;value&quot;: &quot;1&quot;
+          &quot;value&quot;: &quot;0&quot;
         },
         {
           &quot;label&quot;: &quot;最近失败&quot;,
-          &quot;value&quot;: &quot;5&quot;
+          &quot;value&quot;: &quot;0&quot;
         }
       ],
       &quot;items&quot;: [
@@ -5961,23 +5991,7 @@
           &quot;title&quot;: &quot;状态分布&quot;,
           &quot;summary&quot;: &quot;verification_status 当前计数。&quot;,
           &quot;open&quot;: false,
-          &quot;items&quot;: [
+          &quot;items&quot;: []
-            {
-              &quot;title&quot;: &quot;人工分诊&quot;,
-              &quot;summary&quot;: &quot;当前累计 5 条。&quot;,
-              &quot;open&quot;: false,
-              &quot;fields&quot;: [
-                {
-                  &quot;label&quot;: &quot;状态编码&quot;,
-                  &quot;value&quot;: &quot;triage-manual&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;数量&quot;,
-                  &quot;value&quot;: &quot;5&quot;
-                }
-              ]
-            }
-          ]
         },
         {
           &quot;title&quot;: &quot;最近失败&quot;,
@@ -5985,134 +5999,9 @@
           &quot;open&quot;: false,
           &quot;items&quot;: [
             {
-              &quot;title&quot;: &quot;Next.js: Unbounded postponed resume buffering can lead to DoS&quot;,
+              &quot;title&quot;: &quot;暂无失败样本&quot;,
-              &quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
+              &quot;summary&quot;: &quot;当前 summary.json 中没有 recent_failures。&quot;,
-              &quot;open&quot;: false,
+              &quot;open&quot;: false
-              &quot;badges&quot;: [
-                &quot;人工分诊&quot;
-              ],
-              &quot;fields&quot;: [
-                {
-                  &quot;label&quot;: &quot;运行 ID&quot;,
-                  &quot;value&quot;: &quot;-&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;漏洞条目&quot;,
-                  &quot;value&quot;: &quot;nextjs--CVE-2026-27979&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;状态&quot;,
-                  &quot;value&quot;: &quot;人工分诊&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;阻塞原因&quot;,
-                  &quot;value&quot;: &quot;-&quot;
-                }
-              ]
-            },
-            {
-              &quot;title&quot;: &quot;Next.js: Unbounded next/image disk cache growth can exhaust storage&quot;,
-              &quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
-              &quot;open&quot;: false,
-              &quot;badges&quot;: [
-                &quot;人工分诊&quot;
-              ],
-              &quot;fields&quot;: [
-                {
-                  &quot;label&quot;: &quot;运行 ID&quot;,
-                  &quot;value&quot;: &quot;-&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;漏洞条目&quot;,
-                  &quot;value&quot;: &quot;nextjs--CVE-2026-27980&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;状态&quot;,
-                  &quot;value&quot;: &quot;人工分诊&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;阻塞原因&quot;,
-                  &quot;value&quot;: &quot;-&quot;
-                }
-              ]
-            },
-            {
-              &quot;title&quot;: &quot;Next.js: HTTP request smuggling in rewrites&quot;,
-              &quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
-              &quot;open&quot;: false,
-              &quot;badges&quot;: [
-                &quot;人工分诊&quot;
-              ],
-              &quot;fields&quot;: [
-                {
-                  &quot;label&quot;: &quot;运行 ID&quot;,
-                  &quot;value&quot;: &quot;-&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;漏洞条目&quot;,
-                  &quot;value&quot;: &quot;nextjs--CVE-2026-29057&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;状态&quot;,
-                  &quot;value&quot;: &quot;人工分诊&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;阻塞原因&quot;,
-                  &quot;value&quot;: &quot;-&quot;
-                }
-              ]
-            },
-            {
-              &quot;title&quot;: &quot;Next.js: null origin can bypass Server Actions CSRF checks&quot;,
-              &quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
-              &quot;open&quot;: false,
-              &quot;badges&quot;: [
-                &quot;人工分诊&quot;
-              ],
-              &quot;fields&quot;: [
-                {
-                  &quot;label&quot;: &quot;运行 ID&quot;,
-                  &quot;value&quot;: &quot;-&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;漏洞条目&quot;,
-                  &quot;value&quot;: &quot;nextjs--CVE-2026-27978&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;状态&quot;,
-                  &quot;value&quot;: &quot;人工分诊&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;阻塞原因&quot;,
-                  &quot;value&quot;: &quot;-&quot;
-                }
-              ]
-            },
-            {
-              &quot;title&quot;: &quot;Next.js: null origin can bypass dev HMR websocket CSRF checks&quot;,
-              &quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
-              &quot;open&quot;: false,
-              &quot;badges&quot;: [
-                &quot;人工分诊&quot;
-              ],
-              &quot;fields&quot;: [
-                {
-                  &quot;label&quot;: &quot;运行 ID&quot;,
-                  &quot;value&quot;: &quot;-&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;漏洞条目&quot;,
-                  &quot;value&quot;: &quot;nextjs--CVE-2026-27977&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;状态&quot;,
-                  &quot;value&quot;: &quot;人工分诊&quot;
-                },
-                {
-                  &quot;label&quot;: &quot;阻塞原因&quot;,
-                  &quot;value&quot;: &quot;-&quot;
-                }
-              ]
             }
           ]
         }

08-threat-intel/generated/dashboard/docs/coverage-matrix.html

@@ -125,7 +125,7 @@
 | Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `5` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-17T16:31:34.160932Z` |
+| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |

08-threat-intel/generated/dashboard/docs/retired-sources.html

@@ -0,0 +1,539 @@
+<!doctype html>
+<html lang="zh-CN">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Retired Sources &amp; Replacement Map</title>
+  <style>
+    :root {
+      --bg: #08111f;
+      --panel: rgba(9, 18, 32, 0.9);
+      --border: rgba(137, 171, 214, 0.2);
+      --text: #f7fafc;
+      --muted: #9fb3ca;
+      --accent: #5eead4;
+    }
+    * { box-sizing: border-box; }
+    body {
+      margin: 0;
+      min-height: 100vh;
+      font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
+      color: var(--text);
+      background:
+        radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
+        linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
+    }
+    main {
+      max-width: 1080px;
+      margin: 0 auto;
+      padding: 32px 20px 40px;
+    }
+    .panel {
+      background: var(--panel);
+      border: 1px solid var(--border);
+      border-radius: 20px;
+      padding: 24px;
+      box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
+    }
+    .actions {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 12px;
+      margin-bottom: 18px;
+    }
+    .chip {
+      display: inline-flex;
+      align-items: center;
+      gap: 8px;
+      border-radius: 999px;
+      border: 1px solid var(--border);
+      padding: 10px 14px;
+      color: var(--text);
+      background: rgba(255,255,255,0.05);
+      text-decoration: none;
+    }
+    .chip:hover { border-color: rgba(94, 234, 212, 0.42); }
+    h1 {
+      margin: 0 0 12px;
+      font-family: "IBM Plex Serif", Georgia, serif;
+      font-size: clamp(1.8rem, 4vw, 3rem);
+      line-height: 1.08;
+    }
+    .meta {
+      color: var(--muted);
+      margin-bottom: 18px;
+    }
+    pre {
+      margin: 0;
+      padding: 20px;
+      overflow: auto;
+      border-radius: 16px;
+      border: 1px solid rgba(137, 171, 214, 0.12);
+      background: rgba(2, 8, 22, 0.84);
+      color: #d6e5f5;
+      font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
+      font-size: 0.92rem;
+      line-height: 1.6;
+      white-space: pre-wrap;
+    }
+  </style>
+</head>
+<body>
+  <main>
+    <div class="panel">
+      <div class="actions">
+        <a class="chip" href="/overview/index.html">返回工作台</a>
+      </div>
+      <h1>Retired Sources &amp; Replacement Map</h1>
+      <div class="meta">工作台内置镜像页：退役源、退役原因和 replacement_sources 真值。</div>
+      <pre>[
+  {
+    &quot;system_id&quot;: &quot;adobe-commerce&quot;,
+    &quot;display_name&quot;: &quot;Adobe Commerce&quot;,
+    &quot;source_name&quot;: &quot;Adobe Security Bulletins&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;html-links&quot;,
+    &quot;retired_reason&quot;: &quot;Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Adobe Magento Security Index&quot;,
+      &quot;NVD Adobe Commerce&quot;,
+      &quot;GHSA Adobe Commerce&quot;
+    ],
+    &quot;url&quot;: &quot;https://helpx.adobe.com/security/products/magento.html&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;adobe-commerce&quot;,
+    &quot;display_name&quot;: &quot;Adobe Commerce&quot;,
+    &quot;source_name&quot;: &quot;GHSA Adobe Commerce&quot;,
+    &quot;bucket&quot;: &quot;ecosystem_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Adobe Magento Security Index&quot;,
+      &quot;NVD Adobe Commerce&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;adobe-commerce&quot;,
+    &quot;display_name&quot;: &quot;Adobe Commerce&quot;,
+    &quot;source_name&quot;: &quot;Sansec Research&quot;,
+    &quot;bucket&quot;: &quot;ecosystem_sources&quot;,
+    &quot;kind&quot;: &quot;vendor-index&quot;,
+    &quot;retired_reason&quot;: &quot;Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;GHSA Adobe Commerce&quot;,
+      &quot;Adobe Magento Security Index&quot;
+    ],
+    &quot;url&quot;: &quot;https://sansec.io/research&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;angular&quot;,
+    &quot;display_name&quot;: &quot;Angular&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Angular&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;astro&quot;,
+    &quot;display_name&quot;: &quot;Astro&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Astro&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;discourse&quot;,
+    &quot;display_name&quot;: &quot;Discourse&quot;,
+    &quot;source_name&quot;: &quot;Discourse Meta Security&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;html-links&quot;,
+    &quot;retired_reason&quot;: &quot;Meta security category HTML changed and no longer provides stable scrape semantics for health checks.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Discourse Release Notes RSS&quot;,
+      &quot;GitHub Discourse Advisories&quot;
+    ],
+    &quot;url&quot;: &quot;https://meta.discourse.org/c/bug/security/40&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;discourse&quot;,
+    &quot;display_name&quot;: &quot;Discourse&quot;,
+    &quot;source_name&quot;: &quot;GitHub Discourse Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Discourse Release Notes RSS&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;django&quot;,
+    &quot;display_name&quot;: &quot;Django&quot;,
+    &quot;source_name&quot;: &quot;Django Security RSS&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;rss-feed&quot;,
+    &quot;retired_reason&quot;: &quot;Official security tag feed became unstable; use official weblog index and release archive instead.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Django Security Weblog&quot;,
+      &quot;Django Security Releases Archive&quot;
+    ],
+    &quot;url&quot;: &quot;https://www.djangoproject.com/weblog/feeds/tags/security/&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;drupal&quot;,
+    &quot;display_name&quot;: &quot;Drupal&quot;,
+    &quot;source_name&quot;: &quot;Drupal Security Advisories Site&quot;,
+    &quot;bucket&quot;: &quot;ecosystem_sources&quot;,
+    &quot;kind&quot;: &quot;html-links&quot;,
+    &quot;retired_reason&quot;: &quot;Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Drupal Security Advisories RSS&quot;,
+      &quot;GHSA Drupal Core&quot;
+    ],
+    &quot;url&quot;: &quot;https://www.drupal.org/security&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;drupal&quot;,
+    &quot;display_name&quot;: &quot;Drupal&quot;,
+    &quot;source_name&quot;: &quot;GHSA Drupal Core&quot;,
+    &quot;bucket&quot;: &quot;ecosystem_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Drupal Security Advisories RSS&quot;,
+      &quot;NVD Drupal&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;esbuild&quot;,
+    &quot;display_name&quot;: &quot;esbuild&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV esbuild&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;express&quot;,
+    &quot;display_name&quot;: &quot;Express&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Express&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;fastify&quot;,
+    &quot;display_name&quot;: &quot;Fastify&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Fastify&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;flask&quot;,
+    &quot;display_name&quot;: &quot;Flask&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Flask&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;hapi&quot;,
+    &quot;display_name&quot;: &quot;Hapi&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Hapi&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;haproxy&quot;,
+    &quot;display_name&quot;: &quot;HAProxy&quot;,
+    &quot;source_name&quot;: &quot;HAProxy Security Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;html-links&quot;,
+    &quot;retired_reason&quot;: &quot;Legacy haproxy.org security page no longer yields stable scrape results for monitoring.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;HAProxy Blog Feed&quot;
+    ],
+    &quot;url&quot;: &quot;https://www.haproxy.org/security/&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;koa&quot;,
+    &quot;display_name&quot;: &quot;Koa&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Koa&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;laravel&quot;,
+    &quot;display_name&quot;: &quot;Laravel&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Laravel&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;mattermost&quot;,
+    &quot;display_name&quot;: &quot;Mattermost&quot;,
+    &quot;source_name&quot;: &quot;Mattermost Security Updates&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;html-links&quot;,
+    &quot;retired_reason&quot;: &quot;Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;NVD Mattermost&quot;
+    ],
+    &quot;url&quot;: &quot;https://mattermost.com/security-updates/&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;mediawiki&quot;,
+    &quot;display_name&quot;: &quot;MediaWiki&quot;,
+    &quot;source_name&quot;: &quot;MediaWiki Security Releases&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;html-links&quot;,
+    &quot;retired_reason&quot;: &quot;MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;NVD MediaWiki&quot;
+    ],
+    &quot;url&quot;: &quot;https://www.mediawiki.org/wiki/Security&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;moodle&quot;,
+    &quot;display_name&quot;: &quot;Moodle&quot;,
+    &quot;source_name&quot;: &quot;Moodle Security News&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;html-links&quot;,
+    &quot;retired_reason&quot;: &quot;Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;NVD Moodle&quot;
+    ],
+    &quot;url&quot;: &quot;https://moodle.org/security/&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;nestjs&quot;,
+    &quot;display_name&quot;: &quot;NestJS&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV NestJS&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;nextjs&quot;,
+    &quot;display_name&quot;: &quot;Next.js&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;GitHub Next.js Advisories&quot;,
+      &quot;OSV Next.js&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;nuxt&quot;,
+    &quot;display_name&quot;: &quot;Nuxt&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Nuxt Security&quot;,
+      &quot;OSV Nuxt&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;rails&quot;,
+    &quot;display_name&quot;: &quot;Ruby on Rails&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Rails&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;react&quot;,
+    &quot;display_name&quot;: &quot;React&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;GitHub React Advisories&quot;,
+      &quot;OSV React&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;spring-boot&quot;,
+    &quot;display_name&quot;: &quot;Spring Boot&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Spring Security Advisories&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;spring-framework&quot;,
+    &quot;display_name&quot;: &quot;Spring Framework&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Spring Security Advisories&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;spring-security&quot;,
+    &quot;display_name&quot;: &quot;Spring Security&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Spring Security Advisories&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;sveltekit&quot;,
+    &quot;display_name&quot;: &quot;SvelteKit&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV SvelteKit&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;symfony&quot;,
+    &quot;display_name&quot;: &quot;Symfony&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Symfony&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;undici&quot;,
+    &quot;display_name&quot;: &quot;Undici&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Undici&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;vite&quot;,
+    &quot;display_name&quot;: &quot;Vite&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Vite Security&quot;,
+      &quot;OSV Vite&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;vue&quot;,
+    &quot;display_name&quot;: &quot;Vue&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;Vue Security&quot;,
+      &quot;OSV Vue&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;webpack&quot;,
+    &quot;display_name&quot;: &quot;webpack&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV webpack&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  },
+  {
+    &quot;system_id&quot;: &quot;werkzeug&quot;,
+    &quot;display_name&quot;: &quot;Werkzeug&quot;,
+    &quot;source_name&quot;: &quot;GitHub Global Advisories&quot;,
+    &quot;bucket&quot;: &quot;official_sources&quot;,
+    &quot;kind&quot;: &quot;ghsa-global&quot;,
+    &quot;retired_reason&quot;: &quot;Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.&quot;,
+    &quot;replacement_sources&quot;: [
+      &quot;OSV Werkzeug&quot;
+    ],
+    &quot;url&quot;: &quot;&quot;
+  }
+]</pre>
+    </div>
+  </main>
+</body>
+</html>

08-threat-intel/generated/dashboard/docs/source-catalog-audit.html

@@ -0,0 +1,141 @@
+<!doctype html>
+<html lang="zh-CN">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Source Catalog Audit</title>
+  <style>
+    :root {
+      --bg: #08111f;
+      --panel: rgba(9, 18, 32, 0.9);
+      --border: rgba(137, 171, 214, 0.2);
+      --text: #f7fafc;
+      --muted: #9fb3ca;
+      --accent: #5eead4;
+    }
+    * { box-sizing: border-box; }
+    body {
+      margin: 0;
+      min-height: 100vh;
+      font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
+      color: var(--text);
+      background:
+        radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
+        linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
+    }
+    main {
+      max-width: 1080px;
+      margin: 0 auto;
+      padding: 32px 20px 40px;
+    }
+    .panel {
+      background: var(--panel);
+      border: 1px solid var(--border);
+      border-radius: 20px;
+      padding: 24px;
+      box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
+    }
+    .actions {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 12px;
+      margin-bottom: 18px;
+    }
+    .chip {
+      display: inline-flex;
+      align-items: center;
+      gap: 8px;
+      border-radius: 999px;
+      border: 1px solid var(--border);
+      padding: 10px 14px;
+      color: var(--text);
+      background: rgba(255,255,255,0.05);
+      text-decoration: none;
+    }
+    .chip:hover { border-color: rgba(94, 234, 212, 0.42); }
+    h1 {
+      margin: 0 0 12px;
+      font-family: "IBM Plex Serif", Georgia, serif;
+      font-size: clamp(1.8rem, 4vw, 3rem);
+      line-height: 1.08;
+    }
+    .meta {
+      color: var(--muted);
+      margin-bottom: 18px;
+    }
+    pre {
+      margin: 0;
+      padding: 20px;
+      overflow: auto;
+      border-radius: 16px;
+      border: 1px solid rgba(137, 171, 214, 0.12);
+      background: rgba(2, 8, 22, 0.84);
+      color: #d6e5f5;
+      font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
+      font-size: 0.92rem;
+      line-height: 1.6;
+      white-space: pre-wrap;
+    }
+  </style>
+</head>
+<body>
+  <main>
+    <div class="panel">
+      <div class="actions">
+        <a class="chip" href="/overview/index.html">返回工作台</a>
+      </div>
+      <h1>Source Catalog Audit</h1>
+      <div class="meta">工作台内置镜像页：active/retired source、replacement map 与覆盖摘要。</div>
+      <pre># Source Catalog Audit
+
+- generated_at: `2026-03-18T17:41:42+00:00`
+- systems: `62`
+- sources: `146`
+- active_sources: `110`
+- retired_sources: `36`
+- systems_with_active_official: `62/62`
+- systems_with_machine_readable_source: `57/62`
+
+## Retired Sources
+
+- `adobe-commerce` `Adobe Security Bulletins` -&gt; replacements: `Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce` | reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
+- `adobe-commerce` `GHSA Adobe Commerce` -&gt; replacements: `Adobe Magento Security Index, NVD Adobe Commerce` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
+- `adobe-commerce` `Sansec Research` -&gt; replacements: `GHSA Adobe Commerce, Adobe Magento Security Index` | reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
+- `angular` `GitHub Global Advisories` -&gt; replacements: `OSV Angular` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
+- `astro` `GitHub Global Advisories` -&gt; replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
+- `discourse` `Discourse Meta Security` -&gt; replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
+- `discourse` `GitHub Discourse Advisories` -&gt; replacements: `Discourse Release Notes RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
+- `django` `Django Security RSS` -&gt; replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
+- `drupal` `Drupal Security Advisories Site` -&gt; replacements: `Drupal Security Advisories RSS, GHSA Drupal Core` | reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
+- `drupal` `GHSA Drupal Core` -&gt; replacements: `Drupal Security Advisories RSS, NVD Drupal` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
+- `esbuild` `GitHub Global Advisories` -&gt; replacements: `OSV esbuild` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
+- `express` `GitHub Global Advisories` -&gt; replacements: `OSV Express` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
+- `fastify` `GitHub Global Advisories` -&gt; replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
+- `flask` `GitHub Global Advisories` -&gt; replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
+- `hapi` `GitHub Global Advisories` -&gt; replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
+- `haproxy` `HAProxy Security Advisories` -&gt; replacements: `HAProxy Blog Feed` | reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
+- `koa` `GitHub Global Advisories` -&gt; replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
+- `laravel` `GitHub Global Advisories` -&gt; replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
+- `mattermost` `Mattermost Security Updates` -&gt; replacements: `NVD Mattermost` | reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
+- `mediawiki` `MediaWiki Security Releases` -&gt; replacements: `NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
+- `moodle` `Moodle Security News` -&gt; replacements: `NVD Moodle` | reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
+- `nestjs` `GitHub Global Advisories` -&gt; replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
+- `nextjs` `GitHub Global Advisories` -&gt; replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
+- `nuxt` `GitHub Global Advisories` -&gt; replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
+- `rails` `GitHub Global Advisories` -&gt; replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
+- `react` `GitHub Global Advisories` -&gt; replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
+- `spring-boot` `GitHub Global Advisories` -&gt; replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
+- `spring-framework` `GitHub Global Advisories` -&gt; replacements: `Spring Security Advisories` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.
+- `spring-security` `GitHub Global Advisories` -&gt; replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
+- `sveltekit` `GitHub Global Advisories` -&gt; replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
+- `symfony` `GitHub Global Advisories` -&gt; replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
+- `undici` `GitHub Global Advisories` -&gt; replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
+- `vite` `GitHub Global Advisories` -&gt; replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
+- `vue` `GitHub Global Advisories` -&gt; replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
+- `webpack` `GitHub Global Advisories` -&gt; replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
+- `werkzeug` `GitHub Global Advisories` -&gt; replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
+</pre>
+    </div>
+  </main>
+</body>
+</html>

08-threat-intel/generated/dashboard/docs/source-map.html

@@ -174,6 +174,17 @@ systems:
         advisory_mode: module
         keywords: [drupal, module, sa-contrib]
         max_items: 50
+        status: retired
+        retired_reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
+        replacement_sources: [Drupal Security Advisories RSS, GHSA Drupal Core]
+      - name: GHSA Drupal Core
+        kind: ghsa-global
+        ecosystem: composer
+        confidence: ecosystem-authority
+        advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
+        replacement_sources: [Drupal Security Advisories RSS, NVD Drupal]
     research_sources: []
     package_names:
       - ecosystem: composer
@@ -325,6 +336,9 @@ systems:
         advisory_mode: core
         keywords: [mediawiki, security]
         max_items: 50
+        status: retired
+        retired_reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
+        replacement_sources: [NVD MediaWiki]
       - name: NVD MediaWiki
         kind: nvd-search
         keyword: MediaWiki
@@ -355,6 +369,9 @@ systems:
         advisory_mode: core
         keywords: [moodle, security]
         max_items: 50
+        status: retired
+        retired_reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
+        replacement_sources: [NVD Moodle]
       - name: NVD Moodle
         kind: nvd-search
         keyword: Moodle
@@ -385,13 +402,24 @@ systems:
         advisory_mode: core
         keywords: [discourse, security]
         max_items: 50
-      - name: GitHub Discourse Advisories
+        status: retired
-        kind: html-links
+        retired_reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
-        url: https://github.com/discourse/discourse/security/advisories
+        replacement_sources: [Discourse Release Notes RSS, GitHub Discourse Advisories]
+      - name: Discourse Release Notes RSS
+        kind: rss-feed
+        url: https://meta.discourse.org/tag/release-notes.rss
         confidence: official
         advisory_mode: core
-        keywords: [discourse]
+        keywords: [discourse, security, cve]
-        max_items: 50
+        max_items: 60
+      - name: GitHub Discourse Advisories
+        kind: ghsa-global
+        ecosystem: rubygems
+        confidence: official
+        advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
+        replacement_sources: [Discourse Release Notes RSS]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -418,6 +446,24 @@ systems:
         advisory_mode: core
         keywords: [adobe commerce, magento, apsb]
         max_items: 60
+        status: retired
+        retired_reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
+        replacement_sources: [Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce]
+      - name: Adobe Magento Security Index
+        kind: vendor-index
+        url: https://helpx.adobe.com/security/products/magento.html
+        confidence: official
+        advisory_mode: core
+        keywords: [adobe commerce, magento, apsb, security]
+        max_items: 60
+        request_policy:
+          user_agent: python-requests/2.31.0
+          timeout_seconds: 45
+          verify_tls: false
+          http_version: "1.1"
+        parser_hints:
+          keywords: [adobe commerce, magento, apsb, security]
+          include_url_patterns: [magento, security, APSB]
       - name: NVD Adobe Commerce
         kind: nvd-search
         keyword: Adobe Commerce
@@ -425,13 +471,24 @@ systems:
         advisory_mode: core
         results_per_page: 50
     ecosystem_sources:
+      - name: GHSA Adobe Commerce
+        kind: ghsa-global
+        ecosystem: composer
+        confidence: ecosystem-authority
+        advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
+        replacement_sources: [Adobe Magento Security Index, NVD Adobe Commerce]
       - name: Sansec Research
-        kind: html-links
+        kind: vendor-index
         url: https://sansec.io/research
         confidence: ecosystem-authority
         advisory_mode: extension
         keywords: [magento, adobe commerce]
         max_items: 50
+        status: retired
+        retired_reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
+        replacement_sources: [GHSA Adobe Commerce, Adobe Magento Security Index]
     research_sources: []
     package_names:
       - ecosystem: composer
@@ -757,6 +814,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
+        replacement_sources: [GitHub React Advisories, OSV React]
       - name: OSV React
         kind: osv-batch
         confidence: official
@@ -795,6 +855,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
+        replacement_sources: [GitHub Next.js Advisories, OSV Next.js]
       - name: OSV Next.js
         kind: osv-batch
         confidence: official
@@ -831,6 +894,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
+        replacement_sources: [Vue Security, OSV Vue]
       - name: OSV Vue
         kind: osv-batch
         confidence: official
@@ -869,6 +935,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
+        replacement_sources: [Nuxt Security, OSV Nuxt]
       - name: OSV Nuxt
         kind: osv-batch
         confidence: official
@@ -905,6 +974,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
+        replacement_sources: [Vite Security, OSV Vite]
       - name: OSV Vite
         kind: osv-batch
         confidence: official
@@ -934,6 +1006,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
+        replacement_sources: [OSV Angular]
       - name: OSV Angular
         kind: osv-batch
         confidence: official
@@ -965,6 +1040,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
+        replacement_sources: [OSV SvelteKit]
       - name: OSV SvelteKit
         kind: osv-batch
         confidence: official
@@ -994,6 +1072,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
+        replacement_sources: [OSV Astro]
       - name: OSV Astro
         kind: osv-batch
         confidence: official
@@ -1023,6 +1104,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
+        replacement_sources: [OSV Express]
       - name: OSV Express
         kind: osv-batch
         confidence: official
@@ -1052,6 +1136,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
+        replacement_sources: [OSV NestJS]
       - name: OSV NestJS
         kind: osv-batch
         confidence: official
@@ -1081,6 +1168,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
+        replacement_sources: [OSV Koa]
       - name: OSV Koa
         kind: osv-batch
         confidence: official
@@ -1110,6 +1200,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
+        replacement_sources: [OSV Fastify]
       - name: OSV Fastify
         kind: osv-batch
         confidence: official
@@ -1139,6 +1232,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
+        replacement_sources: [OSV Hapi]
       - name: OSV Hapi
         kind: osv-batch
         confidence: official
@@ -1198,6 +1294,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
+        replacement_sources: [OSV Undici]
       - name: OSV Undici
         kind: osv-batch
         confidence: official
@@ -1227,6 +1326,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
+        replacement_sources: [OSV webpack]
       - name: OSV webpack
         kind: osv-batch
         confidence: official
@@ -1256,6 +1358,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
+        replacement_sources: [OSV esbuild]
       - name: OSV esbuild
         kind: osv-batch
         confidence: official
@@ -1292,6 +1397,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.
+        replacement_sources: [Spring Security Advisories]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -1326,6 +1434,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
+        replacement_sources: [Spring Security Advisories]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -1358,6 +1469,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
+        replacement_sources: [Spring Security Advisories]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -1383,6 +1497,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
+        replacement_sources: [OSV Laravel]
       - name: OSV Laravel
         kind: osv-batch
         confidence: official
@@ -1412,6 +1529,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
+        replacement_sources: [OSV Symfony]
       - name: OSV Symfony
         kind: osv-batch
         confidence: official
@@ -1444,6 +1564,29 @@ systems:
         advisory_mode: core
         keywords: [django]
         max_items: 60
+        status: retired
+        retired_reason: Official security tag feed became unstable; use official weblog index and release archive instead.
+        replacement_sources: [Django Security Weblog, Django Security Releases Archive]
+      - name: Django Security Weblog
+        kind: vendor-index
+        url: https://www.djangoproject.com/weblog/
+        confidence: official
+        advisory_mode: core
+        keywords: [django, security, release]
+        max_items: 60
+        parser_hints:
+          keywords: [django, security, release]
+          include_url_patterns: [/weblog/]
+      - name: Django Security Releases Archive
+        kind: vendor-index
+        url: https://docs.djangoproject.com/en/dev/releases/security/
+        confidence: official
+        advisory_mode: core
+        keywords: [django, security]
+        max_items: 40
+        parser_hints:
+          keywords: [django, security]
+          include_url_patterns: [/releases/security/]
       - name: OSV Django
         kind: osv-batch
         confidence: official
@@ -1477,6 +1620,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
+        replacement_sources: [OSV Flask]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -1506,6 +1652,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
+        replacement_sources: [OSV Werkzeug]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -1531,6 +1680,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
+        replacement_sources: [OSV Rails]
       - name: OSV Rails
         kind: osv-batch
         confidence: official
@@ -1798,6 +1950,16 @@ systems:
         advisory_mode: server
         keywords: [haproxy, security]
         max_items: 50
+        status: retired
+        retired_reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
+        replacement_sources: [HAProxy Blog Feed]
+      - name: HAProxy Blog Feed
+        kind: rss-feed
+        url: https://www.haproxy.com/feed/
+        confidence: official
+        advisory_mode: server
+        keywords: [haproxy, security, cve]
+        max_items: 40
       - name: NVD HAProxy
         kind: nvd-search
         keyword: HAProxy
@@ -2041,6 +2203,9 @@ systems:
         advisory_mode: core
         keywords: [mattermost]
         max_items: 50
+        status: retired
+        retired_reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
+        replacement_sources: [NVD Mattermost]
       - name: NVD Mattermost
         kind: nvd-search
         keyword: Mattermost

08-threat-intel/generated/dashboard/docs/testing-completeness-report.html

@@ -88,18 +88,20 @@
       <div class="meta">工作台内置镜像页：89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
       <pre># 全库 Advisory 完整度报告
 
-- 生成时间: `2026-03-18T14:45:55+00:00`
+- 生成时间: `2026-03-18T17:52:49+00:00`
-- 最新 advisory 完整度: `0/5` `verified-real`
+- 最新 advisory 完整度: `0/0` `verified-real`
 - 合成验证数量: `0`
 - 阻塞数量: `0`
-- 人工/待补证据数量: `5`
+- 人工/待补证据数量: `0`
 - 完整度百分比: `0.0%`
+- active source 全绿: `110/110`
+- source open alerts: `0`
+- 最近一次 source 全绿: `2026-03-18T17:44:31+00:00`
 
 ## 系统覆盖矩阵
 
 | 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 |
 | --- | ---: | ---: | ---: | ---: | ---: | --- |
-| nextjs | 5 | 0 | 0 | 0 | 5 | proxy-boundary(0/4), request-smuggling(0/1) |
 
 ## 历史阻塞项修复纪要
 
@@ -107,39 +109,14 @@
 - Family profiles previously used note-only attack runners and dry-run placeholders.
 - Baseline and browser steps were skipped when environment readiness was not enforced.
 - Latest completeness now uses one advisory -&gt; latest run semantics instead of historical run piles.
+- Source health now counts only status=active sources; retired sources are audited separately with replacement links.
 
 ## Ingest / Source 健康度
 
-- source failures: `29`
+- source failures: `0`
-- drupal::Drupal Security Advisories Site::HTTPError
+- active sources: `110`
-- discourse::Discourse Meta Security::HTTPError
+- green sources: `110`
-- adobe-commerce::Adobe Security Bulletins::ConnectionError
+- open alerts: `0`
-- react::GitHub Global Advisories::TypeError
-- nextjs::GitHub Global Advisories::AttributeError
-- vue::GitHub Global Advisories::HTTPError
-- nuxt::GitHub Global Advisories::HTTPError
-- vite::GitHub Global Advisories::HTTPError
-- angular::GitHub Global Advisories::HTTPError
-- sveltekit::GitHub Global Advisories::HTTPError
-- astro::GitHub Global Advisories::HTTPError
-- express::GitHub Global Advisories::HTTPError
-- nestjs::GitHub Global Advisories::HTTPError
-- koa::GitHub Global Advisories::HTTPError
-- fastify::GitHub Global Advisories::HTTPError
-- hapi::GitHub Global Advisories::HTTPError
-- undici::GitHub Global Advisories::HTTPError
-- webpack::GitHub Global Advisories::HTTPError
-- esbuild::GitHub Global Advisories::HTTPError
-- spring-framework::GitHub Global Advisories::HTTPError
-- spring-security::GitHub Global Advisories::HTTPError
-- spring-boot::GitHub Global Advisories::HTTPError
-- laravel::GitHub Global Advisories::HTTPError
-- symfony::GitHub Global Advisories::HTTPError
-- django::Django Security RSS::HTTPError
-- flask::GitHub Global Advisories::HTTPError
-- werkzeug::GitHub Global Advisories::HTTPError
-- rails::GitHub Global Advisories::HTTPError
-- haproxy::HAProxy Security Advisories::HTTPError
 
 ## 剩余风险说明
 

08-threat-intel/generated/dashboard/summary.json

@@ -1,90 +1,32 @@
 {
-  "generated_at": "2026-03-18T14:45:55+00:00",
+  "generated_at": "2026-03-18T17:52:49+00:00",
-  "advisory_count": 5,
+  "advisory_count": 0,
   "run_count": 140,
-  "statuses": {
+  "statuses": {},
-    "triage-manual": 5
-  },
   "run_statuses": {
     "verified-real": 136,
     "blocked-artifact": 3,
     "triage-manual": 1
   },
-  "recent_failures": [
+  "recent_failures": [],
-    {
+  "monitoring": {
-      "run_id": null,
+    "active_source_count": 110,
-      "advisory_id": "nextjs--CVE-2026-27979",
+    "green_source_count": 110,
-      "status": "triage-manual",
+    "source_failure_count": 0,
-      "title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
+    "open_alert_count": 0,
-      "blocked_reason": null
+    "last_fully_green_run": "2026-03-18T17:44:31+00:00"
   },
-    {
+  "systems": [],
-      "run_id": null,
-      "advisory_id": "nextjs--CVE-2026-27980",
-      "status": "triage-manual",
-      "title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
-      "blocked_reason": null
-    },
-    {
-      "run_id": null,
-      "advisory_id": "nextjs--CVE-2026-29057",
-      "status": "triage-manual",
-      "title": "Next.js: HTTP request smuggling in rewrites",
-      "blocked_reason": null
-    },
-    {
-      "run_id": null,
-      "advisory_id": "nextjs--CVE-2026-27978",
-      "status": "triage-manual",
-      "title": "Next.js: null origin can bypass Server Actions CSRF checks",
-      "blocked_reason": null
-    },
-    {
-      "run_id": null,
-      "advisory_id": "nextjs--CVE-2026-27977",
-      "status": "triage-manual",
-      "title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
-      "blocked_reason": null
-    }
-  ],
-  "systems": [
-    {
-      "system_id": "nextjs",
-      "display_name": "Next.js",
-      "total": 5,
-      "verified_real": 0,
-      "verified_synthetic": 0,
-      "blocked": 0,
-      "manual": 5,
-      "browser_required": 0,
-      "browser_present": 0,
-      "latest_update": "2026-03-17T16:31:34.160932Z",
-      "category": "frameworks",
-      "tier": "history-full",
-      "output_dir": "07-framework-security/frameworks/nextjs",
-      "families": [
-        {
-          "family": "proxy-boundary",
-          "total": 4,
-          "verified_real": 0,
-          "manual": 4
-        },
-        {
-          "family": "request-smuggling",
-          "total": 1,
-          "verified_real": 0,
-          "manual": 1
-        }
-      ]
-    }
-  ],
   "completeness": {
-    "advisory_total": 5,
+    "advisory_total": 0,
     "verified_real": 0,
     "verified_synthetic": 0,
     "blocked": 0,
-    "manual": 5,
+    "manual": 0,
     "verified_ratio": 0.0,
-    "complete": false
+    "complete": false,
+    "source_failure_count": 0,
+    "active_source_count": 110,
+    "open_alert_count": 0
   }
 }

08-threat-intel/generated/dashboard/systems.json

@@ -1,31 +1 @@
-[
+[]
-  {
-    "system_id": "nextjs",
-    "display_name": "Next.js",
-    "total": 5,
-    "verified_real": 0,
-    "verified_synthetic": 0,
-    "blocked": 0,
-    "manual": 5,
-    "browser_required": 0,
-    "browser_present": 0,
-    "latest_update": "2026-03-17T16:31:34.160932Z",
-    "category": "frameworks",
-    "tier": "history-full",
-    "output_dir": "07-framework-security/frameworks/nextjs",
-    "families": [
-      {
-        "family": "proxy-boundary",
-        "total": 4,
-        "verified_real": 0,
-        "manual": 4
-      },
-      {
-        "family": "request-smuggling",
-        "total": 1,
-        "verified_real": 0,
-        "manual": 1
-      }
-    ]
-  }
-]

08-threat-intel/generated/latest-ingest.md

@@ -1,43 +1,11 @@
 # 最新同步摘要
 
-- 渲染时间: `2026-03-18T14:45:54+00:00`
+- 渲染时间: `2026-03-18T17:52:48+00:00`
 - 系统数量: `62`
-- Advisory 数量: `5`
+- Advisory 数量: `0`
-- 重点 Markdown 数量: `5`
+- 重点 Markdown 数量: `0`
 - Run Bundle 数量: `89`
-- 新增记录: `5`
+- 新增记录: `0`
 - 更新记录: `0`
 - Triage 数量: `0`
-- 失败的 source adapter: `29`
+- 失败的 source adapter: `0`
-
-## 失败列表
-
-- drupal::Drupal Security Advisories Site::HTTPError
-- discourse::Discourse Meta Security::HTTPError
-- adobe-commerce::Adobe Security Bulletins::ConnectionError
-- react::GitHub Global Advisories::TypeError
-- nextjs::GitHub Global Advisories::AttributeError
-- vue::GitHub Global Advisories::HTTPError
-- nuxt::GitHub Global Advisories::HTTPError
-- vite::GitHub Global Advisories::HTTPError
-- angular::GitHub Global Advisories::HTTPError
-- sveltekit::GitHub Global Advisories::HTTPError
-- astro::GitHub Global Advisories::HTTPError
-- express::GitHub Global Advisories::HTTPError
-- nestjs::GitHub Global Advisories::HTTPError
-- koa::GitHub Global Advisories::HTTPError
-- fastify::GitHub Global Advisories::HTTPError
-- hapi::GitHub Global Advisories::HTTPError
-- undici::GitHub Global Advisories::HTTPError
-- webpack::GitHub Global Advisories::HTTPError
-- esbuild::GitHub Global Advisories::HTTPError
-- spring-framework::GitHub Global Advisories::HTTPError
-- spring-security::GitHub Global Advisories::HTTPError
-- spring-boot::GitHub Global Advisories::HTTPError
-- laravel::GitHub Global Advisories::HTTPError
-- symfony::GitHub Global Advisories::HTTPError
-- django::Django Security RSS::HTTPError
-- flask::GitHub Global Advisories::HTTPError
-- werkzeug::GitHub Global Advisories::HTTPError
-- rails::GitHub Global Advisories::HTTPError
-- haproxy::HAProxy Security Advisories::HTTPError

08-threat-intel/generated/monitor-summary.json

@@ -0,0 +1,25 @@
+{
+  "generated_at": "2026-03-18T17:44:31+00:00",
+  "active_source_count": 110,
+  "green_source_count": 110,
+  "source_failure_count": 0,
+  "open_alert_count": 0,
+  "resolved_alert_count": 0,
+  "last_fully_green_run": "2026-03-18T17:44:31+00:00",
+  "source_catalog": {
+    "system_count": 62,
+    "source_count": 146,
+    "retired_source_count": 36
+  },
+  "ingest": {
+    "new_count": 0,
+    "updated_count": 0,
+    "failure_count": 0,
+    "systems_touched": []
+  },
+  "validation": {
+    "passed": true,
+    "error_count": 0,
+    "errors": []
+  }
+}

08-threat-intel/generated/retired-sources.json

@@ -0,0 +1,447 @@
+[
+  {
+    "system_id": "adobe-commerce",
+    "display_name": "Adobe Commerce",
+    "source_name": "Adobe Security Bulletins",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.",
+    "replacement_sources": [
+      "Adobe Magento Security Index",
+      "NVD Adobe Commerce",
+      "GHSA Adobe Commerce"
+    ],
+    "url": "https://helpx.adobe.com/security/products/magento.html"
+  },
+  {
+    "system_id": "adobe-commerce",
+    "display_name": "Adobe Commerce",
+    "source_name": "GHSA Adobe Commerce",
+    "bucket": "ecosystem_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.",
+    "replacement_sources": [
+      "Adobe Magento Security Index",
+      "NVD Adobe Commerce"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "adobe-commerce",
+    "display_name": "Adobe Commerce",
+    "source_name": "Sansec Research",
+    "bucket": "ecosystem_sources",
+    "kind": "vendor-index",
+    "retired_reason": "Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.",
+    "replacement_sources": [
+      "GHSA Adobe Commerce",
+      "Adobe Magento Security Index"
+    ],
+    "url": "https://sansec.io/research"
+  },
+  {
+    "system_id": "angular",
+    "display_name": "Angular",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.",
+    "replacement_sources": [
+      "OSV Angular"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "astro",
+    "display_name": "Astro",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.",
+    "replacement_sources": [
+      "OSV Astro"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "discourse",
+    "display_name": "Discourse",
+    "source_name": "Discourse Meta Security",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "Meta security category HTML changed and no longer provides stable scrape semantics for health checks.",
+    "replacement_sources": [
+      "Discourse Release Notes RSS",
+      "GitHub Discourse Advisories"
+    ],
+    "url": "https://meta.discourse.org/c/bug/security/40"
+  },
+  {
+    "system_id": "discourse",
+    "display_name": "Discourse",
+    "source_name": "GitHub Discourse Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.",
+    "replacement_sources": [
+      "Discourse Release Notes RSS"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "django",
+    "display_name": "Django",
+    "source_name": "Django Security RSS",
+    "bucket": "official_sources",
+    "kind": "rss-feed",
+    "retired_reason": "Official security tag feed became unstable; use official weblog index and release archive instead.",
+    "replacement_sources": [
+      "Django Security Weblog",
+      "Django Security Releases Archive"
+    ],
+    "url": "https://www.djangoproject.com/weblog/feeds/tags/security/"
+  },
+  {
+    "system_id": "drupal",
+    "display_name": "Drupal",
+    "source_name": "Drupal Security Advisories Site",
+    "bucket": "ecosystem_sources",
+    "kind": "html-links",
+    "retired_reason": "Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.",
+    "replacement_sources": [
+      "Drupal Security Advisories RSS",
+      "GHSA Drupal Core"
+    ],
+    "url": "https://www.drupal.org/security"
+  },
+  {
+    "system_id": "drupal",
+    "display_name": "Drupal",
+    "source_name": "GHSA Drupal Core",
+    "bucket": "ecosystem_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.",
+    "replacement_sources": [
+      "Drupal Security Advisories RSS",
+      "NVD Drupal"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "esbuild",
+    "display_name": "esbuild",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.",
+    "replacement_sources": [
+      "OSV esbuild"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "express",
+    "display_name": "Express",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.",
+    "replacement_sources": [
+      "OSV Express"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "fastify",
+    "display_name": "Fastify",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.",
+    "replacement_sources": [
+      "OSV Fastify"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "flask",
+    "display_name": "Flask",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.",
+    "replacement_sources": [
+      "OSV Flask"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "hapi",
+    "display_name": "Hapi",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.",
+    "replacement_sources": [
+      "OSV Hapi"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "haproxy",
+    "display_name": "HAProxy",
+    "source_name": "HAProxy Security Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "Legacy haproxy.org security page no longer yields stable scrape results for monitoring.",
+    "replacement_sources": [
+      "HAProxy Blog Feed"
+    ],
+    "url": "https://www.haproxy.org/security/"
+  },
+  {
+    "system_id": "koa",
+    "display_name": "Koa",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.",
+    "replacement_sources": [
+      "OSV Koa"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "laravel",
+    "display_name": "Laravel",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.",
+    "replacement_sources": [
+      "OSV Laravel"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "mattermost",
+    "display_name": "Mattermost",
+    "source_name": "Mattermost Security Updates",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.",
+    "replacement_sources": [
+      "NVD Mattermost"
+    ],
+    "url": "https://mattermost.com/security-updates/"
+  },
+  {
+    "system_id": "mediawiki",
+    "display_name": "MediaWiki",
+    "source_name": "MediaWiki Security Releases",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.",
+    "replacement_sources": [
+      "NVD MediaWiki"
+    ],
+    "url": "https://www.mediawiki.org/wiki/Security"
+  },
+  {
+    "system_id": "moodle",
+    "display_name": "Moodle",
+    "source_name": "Moodle Security News",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.",
+    "replacement_sources": [
+      "NVD Moodle"
+    ],
+    "url": "https://moodle.org/security/"
+  },
+  {
+    "system_id": "nestjs",
+    "display_name": "NestJS",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.",
+    "replacement_sources": [
+      "OSV NestJS"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "nextjs",
+    "display_name": "Next.js",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.",
+    "replacement_sources": [
+      "GitHub Next.js Advisories",
+      "OSV Next.js"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "nuxt",
+    "display_name": "Nuxt",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.",
+    "replacement_sources": [
+      "Nuxt Security",
+      "OSV Nuxt"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "rails",
+    "display_name": "Ruby on Rails",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.",
+    "replacement_sources": [
+      "OSV Rails"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "react",
+    "display_name": "React",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.",
+    "replacement_sources": [
+      "GitHub React Advisories",
+      "OSV React"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "spring-boot",
+    "display_name": "Spring Boot",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.",
+    "replacement_sources": [
+      "Spring Security Advisories"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "spring-framework",
+    "display_name": "Spring Framework",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.",
+    "replacement_sources": [
+      "Spring Security Advisories"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "spring-security",
+    "display_name": "Spring Security",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.",
+    "replacement_sources": [
+      "Spring Security Advisories"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "sveltekit",
+    "display_name": "SvelteKit",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.",
+    "replacement_sources": [
+      "OSV SvelteKit"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "symfony",
+    "display_name": "Symfony",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.",
+    "replacement_sources": [
+      "OSV Symfony"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "undici",
+    "display_name": "Undici",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.",
+    "replacement_sources": [
+      "OSV Undici"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "vite",
+    "display_name": "Vite",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.",
+    "replacement_sources": [
+      "Vite Security",
+      "OSV Vite"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "vue",
+    "display_name": "Vue",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.",
+    "replacement_sources": [
+      "Vue Security",
+      "OSV Vue"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "webpack",
+    "display_name": "webpack",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.",
+    "replacement_sources": [
+      "OSV webpack"
+    ],
+    "url": ""
+  },
+  {
+    "system_id": "werkzeug",
+    "display_name": "Werkzeug",
+    "source_name": "GitHub Global Advisories",
+    "bucket": "official_sources",
+    "kind": "ghsa-global",
+    "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.",
+    "replacement_sources": [
+      "OSV Werkzeug"
+    ],
+    "url": ""
+  }
+]

08-threat-intel/generated/run-summary.json

@@ -1,44 +1,12 @@
 {
-  "generated_at": "2026-03-18T14:45:54+00:00",
+  "generated_at": "2026-03-18T17:52:48+00:00",
   "system_count": 62,
-  "advisory_count": 5,
+  "advisory_count": 0,
-  "markdown_count": 5,
+  "markdown_count": 0,
-  "new_count": 5,
+  "new_count": 0,
   "updated_count": 0,
-  "systems_touched": [
+  "systems_touched": [],
-    "nextjs"
-  ],
   "triage_count": 0,
   "run_bundle_count": 89,
-  "failures": [
+  "failures": []
-    "drupal::Drupal Security Advisories Site::HTTPError",
-    "discourse::Discourse Meta Security::HTTPError",
-    "adobe-commerce::Adobe Security Bulletins::ConnectionError",
-    "react::GitHub Global Advisories::TypeError",
-    "nextjs::GitHub Global Advisories::AttributeError",
-    "vue::GitHub Global Advisories::HTTPError",
-    "nuxt::GitHub Global Advisories::HTTPError",
-    "vite::GitHub Global Advisories::HTTPError",
-    "angular::GitHub Global Advisories::HTTPError",
-    "sveltekit::GitHub Global Advisories::HTTPError",
-    "astro::GitHub Global Advisories::HTTPError",
-    "express::GitHub Global Advisories::HTTPError",
-    "nestjs::GitHub Global Advisories::HTTPError",
-    "koa::GitHub Global Advisories::HTTPError",
-    "fastify::GitHub Global Advisories::HTTPError",
-    "hapi::GitHub Global Advisories::HTTPError",
-    "undici::GitHub Global Advisories::HTTPError",
-    "webpack::GitHub Global Advisories::HTTPError",
-    "esbuild::GitHub Global Advisories::HTTPError",
-    "spring-framework::GitHub Global Advisories::HTTPError",
-    "spring-security::GitHub Global Advisories::HTTPError",
-    "spring-boot::GitHub Global Advisories::HTTPError",
-    "laravel::GitHub Global Advisories::HTTPError",
-    "symfony::GitHub Global Advisories::HTTPError",
-    "django::Django Security RSS::HTTPError",
-    "flask::GitHub Global Advisories::HTTPError",
-    "werkzeug::GitHub Global Advisories::HTTPError",
-    "rails::GitHub Global Advisories::HTTPError",
-    "haproxy::HAProxy Security Advisories::HTTPError"
-  ]
 }

08-threat-intel/generated/source-catalog-audit.md

@@ -0,0 +1,48 @@
+# Source Catalog Audit
+
+- generated_at: `2026-03-18T17:41:42+00:00`
+- systems: `62`
+- sources: `146`
+- active_sources: `110`
+- retired_sources: `36`
+- systems_with_active_official: `62/62`
+- systems_with_machine_readable_source: `57/62`
+
+## Retired Sources
+
+- `adobe-commerce` `Adobe Security Bulletins` -> replacements: `Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce` | reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
+- `adobe-commerce` `GHSA Adobe Commerce` -> replacements: `Adobe Magento Security Index, NVD Adobe Commerce` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
+- `adobe-commerce` `Sansec Research` -> replacements: `GHSA Adobe Commerce, Adobe Magento Security Index` | reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
+- `angular` `GitHub Global Advisories` -> replacements: `OSV Angular` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
+- `astro` `GitHub Global Advisories` -> replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
+- `discourse` `Discourse Meta Security` -> replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
+- `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
+- `django` `Django Security RSS` -> replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
+- `drupal` `Drupal Security Advisories Site` -> replacements: `Drupal Security Advisories RSS, GHSA Drupal Core` | reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
+- `drupal` `GHSA Drupal Core` -> replacements: `Drupal Security Advisories RSS, NVD Drupal` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
+- `esbuild` `GitHub Global Advisories` -> replacements: `OSV esbuild` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
+- `express` `GitHub Global Advisories` -> replacements: `OSV Express` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
+- `fastify` `GitHub Global Advisories` -> replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
+- `flask` `GitHub Global Advisories` -> replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
+- `hapi` `GitHub Global Advisories` -> replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
+- `haproxy` `HAProxy Security Advisories` -> replacements: `HAProxy Blog Feed` | reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
+- `koa` `GitHub Global Advisories` -> replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
+- `laravel` `GitHub Global Advisories` -> replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
+- `mattermost` `Mattermost Security Updates` -> replacements: `NVD Mattermost` | reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
+- `mediawiki` `MediaWiki Security Releases` -> replacements: `NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
+- `moodle` `Moodle Security News` -> replacements: `NVD Moodle` | reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
+- `nestjs` `GitHub Global Advisories` -> replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
+- `nextjs` `GitHub Global Advisories` -> replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
+- `nuxt` `GitHub Global Advisories` -> replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
+- `rails` `GitHub Global Advisories` -> replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
+- `react` `GitHub Global Advisories` -> replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
+- `spring-boot` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
+- `spring-framework` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.
+- `spring-security` `GitHub Global Advisories` -> replacements: `Spring Security Advisories` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
+- `sveltekit` `GitHub Global Advisories` -> replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
+- `symfony` `GitHub Global Advisories` -> replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
+- `undici` `GitHub Global Advisories` -> replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
+- `vite` `GitHub Global Advisories` -> replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
+- `vue` `GitHub Global Advisories` -> replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
+- `webpack` `GitHub Global Advisories` -> replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
+- `werkzeug` `GitHub Global Advisories` -> replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.

08-threat-intel/registry/advisories/nextjs--CVE-2026-27977.json

@@ -1,72 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2026-27977",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
-  "summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins.  \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.",
-  "published_at": "2026-03-17T15:29:48Z",
-  "updated_at": "2026-03-17T15:46:26.028580Z",
-  "severity": "medium",
-  "cvss_score": 4.0,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36",
-  "secondary_source_urls": [
-    "https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a",
-    "https://github.com/vercel/next.js",
-    "https://github.com/vercel/next.js/releases/tag/v16.1.7"
-  ],
-  "aliases": [
-    "CVE-2026-27977",
-    "GHSA-jcc7-9wpm-mj36"
-  ],
-  "cve_ids": [
-    "CVE-2026-27977"
-  ],
-  "ghsa_ids": [
-    "GHSA-jcc7-9wpm-mj36"
-  ],
-  "osv_ids": [
-    "GHSA-jcc7-9wpm-mj36"
-  ],
-  "affected_versions": [
-    "introduced=16.0.1, fixed<16.1.7"
-  ],
-  "fixed_versions": [
-    "16.1.7"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "nextjs-proxy-boundary",
-  "artifact_mode": "official-source",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}

08-threat-intel/registry/advisories/nextjs--CVE-2026-27978.json

@@ -1,72 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2026-27978",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js: null origin can bypass Server Actions CSRF checks",
-  "summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`.  \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.",
-  "published_at": "2026-03-17T15:30:14Z",
-  "updated_at": "2026-03-17T15:46:43.484729Z",
-  "severity": "medium",
-  "cvss_score": 4.0,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx",
-  "secondary_source_urls": [
-    "https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8",
-    "https://github.com/vercel/next.js",
-    "https://github.com/vercel/next.js/releases/tag/v16.1.7"
-  ],
-  "aliases": [
-    "CVE-2026-27978",
-    "GHSA-mq59-m269-xvcx"
-  ],
-  "cve_ids": [
-    "CVE-2026-27978"
-  ],
-  "ghsa_ids": [
-    "GHSA-mq59-m269-xvcx"
-  ],
-  "osv_ids": [
-    "GHSA-mq59-m269-xvcx"
-  ],
-  "affected_versions": [
-    "introduced=16.0.1, fixed<16.1.7"
-  ],
-  "fixed_versions": [
-    "16.1.7"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "nextjs-proxy-boundary",
-  "artifact_mode": "official-source",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}

08-threat-intel/registry/advisories/nextjs--CVE-2026-27979.json

@@ -1,72 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2026-27979",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
-  "summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded.  \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.",
-  "published_at": "2026-03-17T16:16:49Z",
-  "updated_at": "2026-03-17T16:31:34.160932Z",
-  "severity": "medium",
-  "cvss_score": 4.0,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq",
-  "secondary_source_urls": [
-    "https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1",
-    "https://github.com/vercel/next.js",
-    "https://github.com/vercel/next.js/releases/tag/v16.1.7"
-  ],
-  "aliases": [
-    "CVE-2026-27979",
-    "GHSA-h27x-g6w4-24gq"
-  ],
-  "cve_ids": [
-    "CVE-2026-27979"
-  ],
-  "ghsa_ids": [
-    "GHSA-h27x-g6w4-24gq"
-  ],
-  "osv_ids": [
-    "GHSA-h27x-g6w4-24gq"
-  ],
-  "affected_versions": [
-    "introduced=16.0.1, fixed<16.1.7"
-  ],
-  "fixed_versions": [
-    "16.1.7"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "nextjs-proxy-boundary",
-  "artifact_mode": "official-source",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}

08-threat-intel/registry/advisories/nextjs--CVE-2026-27980.json

@@ -1,72 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2026-27980",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
-  "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
-  "published_at": "2026-03-17T16:17:06Z",
-  "updated_at": "2026-03-17T16:31:33.597080Z",
-  "severity": "medium",
-  "cvss_score": 4.0,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
-  "secondary_source_urls": [
-    "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
-    "https://github.com/vercel/next.js",
-    "https://github.com/vercel/next.js/releases/tag/v16.1.7"
-  ],
-  "aliases": [
-    "CVE-2026-27980",
-    "GHSA-3x4c-7xq6-9pq8"
-  ],
-  "cve_ids": [
-    "CVE-2026-27980"
-  ],
-  "ghsa_ids": [
-    "GHSA-3x4c-7xq6-9pq8"
-  ],
-  "osv_ids": [
-    "GHSA-3x4c-7xq6-9pq8"
-  ],
-  "affected_versions": [
-    "introduced=10.0.0, fixed<16.1.7"
-  ],
-  "fixed_versions": [
-    "16.1.7"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "nextjs-proxy-boundary",
-  "artifact_mode": "official-source",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}

08-threat-intel/registry/advisories/nextjs--CVE-2026-29057.json

@@ -1,77 +0,0 @@
-{
-  "canonical_id": "nextjs--CVE-2026-29057",
-  "system_id": "nextjs",
-  "display_name": "Next.js",
-  "category": "frameworks",
-  "advisory_mode": "core",
-  "title": "Next.js: HTTP request smuggling in rewrites",
-  "summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).",
-  "published_at": "2026-03-17T16:17:15Z",
-  "updated_at": "2026-03-17T16:31:26.646070Z",
-  "severity": "medium",
-  "cvss_score": 4.0,
-  "exploit_status": "unknown",
-  "source_confidence": "official",
-  "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8",
-  "secondary_source_urls": [
-    "https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6",
-    "https://github.com/vercel/next.js",
-    "https://github.com/vercel/next.js/releases/tag/v15.5.13",
-    "https://github.com/vercel/next.js/releases/tag/v16.1.7"
-  ],
-  "aliases": [
-    "CVE-2026-29057",
-    "GHSA-ggv3-7p47-pfv8"
-  ],
-  "cve_ids": [
-    "CVE-2026-29057"
-  ],
-  "ghsa_ids": [
-    "GHSA-ggv3-7p47-pfv8"
-  ],
-  "osv_ids": [
-    "GHSA-ggv3-7p47-pfv8"
-  ],
-  "affected_versions": [
-    "introduced=16.0.0-beta.0, fixed<16.1.7",
-    "introduced=9.5.0, fixed<15.5.13"
-  ],
-  "fixed_versions": [
-    "16.1.7",
-    "15.5.13"
-  ],
-  "package_name": "next",
-  "render_markdown": true,
-  "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md",
-  "secure_code_topics": [
-    "authz-server-side-recheck",
-    "proxy-trust-boundary",
-    "token-cookie-storage",
-    "request-smuggling-boundary",
-    "dependency-upgrade-policy"
-  ],
-  "status": "generated",
-  "triage_reasons": [],
-  "verification_status": "triage-manual",
-  "verification_mode": "synthetic",
-  "last_verified_at": null,
-  "last_run_id": null,
-  "evidence_bundle": null,
-  "browser_evidence": {
-    "required": false,
-    "present": false,
-    "refs": []
-  },
-  "repro_profile_id": "request-smuggling-generic",
-  "artifact_mode": "official-source",
-  "blocked_reason": null,
-  "metadata": {
-    "source_names": [
-      "OSV Next.js"
-    ],
-    "source_kinds": [
-      "osv-batch"
-    ],
-    "candidate_count": 1
-  }
-}

08-threat-intel/registry/systems/nextjs.json

@@ -3,10 +3,10 @@
   "display_name": "Next.js",
   "category": "frameworks",
   "tier": "history-full",
-  "total": 5,
+  "total": 0,
-  "markdown_cases": 5,
+  "markdown_cases": 0,
   "triage_count": 0,
-  "latest_update": "2026-03-17T16:31:34.160932Z",
+  "latest_update": "",
   "output_dir": "07-framework-security/frameworks/nextjs",
   "secure_code_topics": [
     "authz-server-side-recheck",
@@ -16,12 +16,6 @@
   "verified_real": 0,
   "verified_synthetic": 0,
   "blocked_count": 0,
-  "manual_count": 5,
+  "manual_count": 0,
-  "items": [
+  "items": []
-    "nextjs--CVE-2026-29057",
-    "nextjs--CVE-2026-27980",
-    "nextjs--CVE-2026-27979",
-    "nextjs--CVE-2026-27978",
-    "nextjs--CVE-2026-27977"
-  ]
 }

08-threat-intel/source-map.yaml

@@ -86,6 +86,17 @@ systems:
         advisory_mode: module
         keywords: [drupal, module, sa-contrib]
         max_items: 50
+        status: retired
+        retired_reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
+        replacement_sources: [Drupal Security Advisories RSS, GHSA Drupal Core]
+      - name: GHSA Drupal Core
+        kind: ghsa-global
+        ecosystem: composer
+        confidence: ecosystem-authority
+        advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
+        replacement_sources: [Drupal Security Advisories RSS, NVD Drupal]
     research_sources: []
     package_names:
       - ecosystem: composer
@@ -237,6 +248,9 @@ systems:
         advisory_mode: core
         keywords: [mediawiki, security]
         max_items: 50
+        status: retired
+        retired_reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
+        replacement_sources: [NVD MediaWiki]
       - name: NVD MediaWiki
         kind: nvd-search
         keyword: MediaWiki
@@ -267,6 +281,9 @@ systems:
         advisory_mode: core
         keywords: [moodle, security]
         max_items: 50
+        status: retired
+        retired_reason: Moodle security page returned repeated 403 responses from the collector path; NVD replacement remains active.
+        replacement_sources: [NVD Moodle]
       - name: NVD Moodle
         kind: nvd-search
         keyword: Moodle
@@ -297,13 +314,24 @@ systems:
         advisory_mode: core
         keywords: [discourse, security]
         max_items: 50
-      - name: GitHub Discourse Advisories
+        status: retired
-        kind: html-links
+        retired_reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
-        url: https://github.com/discourse/discourse/security/advisories
+        replacement_sources: [Discourse Release Notes RSS, GitHub Discourse Advisories]
+      - name: Discourse Release Notes RSS
+        kind: rss-feed
+        url: https://meta.discourse.org/tag/release-notes.rss
         confidence: official
         advisory_mode: core
-        keywords: [discourse]
+        keywords: [discourse, security, cve]
-        max_items: 50
+        max_items: 60
+      - name: GitHub Discourse Advisories
+        kind: ghsa-global
+        ecosystem: rubygems
+        confidence: official
+        advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
+        replacement_sources: [Discourse Release Notes RSS]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -330,6 +358,24 @@ systems:
         advisory_mode: core
         keywords: [adobe commerce, magento, apsb]
         max_items: 60
+        status: retired
+        retired_reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
+        replacement_sources: [Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce]
+      - name: Adobe Magento Security Index
+        kind: vendor-index
+        url: https://helpx.adobe.com/security/products/magento.html
+        confidence: official
+        advisory_mode: core
+        keywords: [adobe commerce, magento, apsb, security]
+        max_items: 60
+        request_policy:
+          user_agent: python-requests/2.31.0
+          timeout_seconds: 45
+          verify_tls: false
+          http_version: "1.1"
+        parser_hints:
+          keywords: [adobe commerce, magento, apsb, security]
+          include_url_patterns: [magento, security, APSB]
       - name: NVD Adobe Commerce
         kind: nvd-search
         keyword: Adobe Commerce
@@ -337,13 +383,24 @@ systems:
         advisory_mode: core
         results_per_page: 50
     ecosystem_sources:
+      - name: GHSA Adobe Commerce
+        kind: ghsa-global
+        ecosystem: composer
+        confidence: ecosystem-authority
+        advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
+        replacement_sources: [Adobe Magento Security Index, NVD Adobe Commerce]
       - name: Sansec Research
-        kind: html-links
+        kind: vendor-index
         url: https://sansec.io/research
         confidence: ecosystem-authority
         advisory_mode: extension
         keywords: [magento, adobe commerce]
         max_items: 50
+        status: retired
+        retired_reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
+        replacement_sources: [GHSA Adobe Commerce, Adobe Magento Security Index]
     research_sources: []
     package_names:
       - ecosystem: composer
@@ -669,6 +726,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
+        replacement_sources: [GitHub React Advisories, OSV React]
       - name: OSV React
         kind: osv-batch
         confidence: official
@@ -707,6 +767,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
+        replacement_sources: [GitHub Next.js Advisories, OSV Next.js]
       - name: OSV Next.js
         kind: osv-batch
         confidence: official
@@ -743,6 +806,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
+        replacement_sources: [Vue Security, OSV Vue]
       - name: OSV Vue
         kind: osv-batch
         confidence: official
@@ -781,6 +847,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
+        replacement_sources: [Nuxt Security, OSV Nuxt]
       - name: OSV Nuxt
         kind: osv-batch
         confidence: official
@@ -817,6 +886,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
+        replacement_sources: [Vite Security, OSV Vite]
       - name: OSV Vite
         kind: osv-batch
         confidence: official
@@ -846,6 +918,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
+        replacement_sources: [OSV Angular]
       - name: OSV Angular
         kind: osv-batch
         confidence: official
@@ -877,6 +952,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
+        replacement_sources: [OSV SvelteKit]
       - name: OSV SvelteKit
         kind: osv-batch
         confidence: official
@@ -906,6 +984,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
+        replacement_sources: [OSV Astro]
       - name: OSV Astro
         kind: osv-batch
         confidence: official
@@ -935,6 +1016,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
+        replacement_sources: [OSV Express]
       - name: OSV Express
         kind: osv-batch
         confidence: official
@@ -964,6 +1048,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
+        replacement_sources: [OSV NestJS]
       - name: OSV NestJS
         kind: osv-batch
         confidence: official
@@ -993,6 +1080,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
+        replacement_sources: [OSV Koa]
       - name: OSV Koa
         kind: osv-batch
         confidence: official
@@ -1022,6 +1112,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
+        replacement_sources: [OSV Fastify]
       - name: OSV Fastify
         kind: osv-batch
         confidence: official
@@ -1051,6 +1144,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
+        replacement_sources: [OSV Hapi]
       - name: OSV Hapi
         kind: osv-batch
         confidence: official
@@ -1110,6 +1206,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
+        replacement_sources: [OSV Undici]
       - name: OSV Undici
         kind: osv-batch
         confidence: official
@@ -1139,6 +1238,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
+        replacement_sources: [OSV webpack]
       - name: OSV webpack
         kind: osv-batch
         confidence: official
@@ -1168,6 +1270,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
+        replacement_sources: [OSV esbuild]
       - name: OSV esbuild
         kind: osv-batch
         confidence: official
@@ -1204,6 +1309,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring Security Advisories remains the active replacement source.
+        replacement_sources: [Spring Security Advisories]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -1238,6 +1346,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
+        replacement_sources: [Spring Security Advisories]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -1270,6 +1381,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; Spring official security page remains the active source.
+        replacement_sources: [Spring Security Advisories]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -1295,6 +1409,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
+        replacement_sources: [OSV Laravel]
       - name: OSV Laravel
         kind: osv-batch
         confidence: official
@@ -1324,6 +1441,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
+        replacement_sources: [OSV Symfony]
       - name: OSV Symfony
         kind: osv-batch
         confidence: official
@@ -1356,6 +1476,29 @@ systems:
         advisory_mode: core
         keywords: [django]
         max_items: 60
+        status: retired
+        retired_reason: Official security tag feed became unstable; use official weblog index and release archive instead.
+        replacement_sources: [Django Security Weblog, Django Security Releases Archive]
+      - name: Django Security Weblog
+        kind: vendor-index
+        url: https://www.djangoproject.com/weblog/
+        confidence: official
+        advisory_mode: core
+        keywords: [django, security, release]
+        max_items: 60
+        parser_hints:
+          keywords: [django, security, release]
+          include_url_patterns: [/weblog/]
+      - name: Django Security Releases Archive
+        kind: vendor-index
+        url: https://docs.djangoproject.com/en/dev/releases/security/
+        confidence: official
+        advisory_mode: core
+        keywords: [django, security]
+        max_items: 40
+        parser_hints:
+          keywords: [django, security]
+          include_url_patterns: [/releases/security/]
       - name: OSV Django
         kind: osv-batch
         confidence: official
@@ -1389,6 +1532,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
+        replacement_sources: [OSV Flask]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -1418,6 +1564,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
+        replacement_sources: [OSV Werkzeug]
     ecosystem_sources: []
     research_sources: []
     package_names:
@@ -1443,6 +1592,9 @@ systems:
         name: GitHub Global Advisories
         confidence: official
         advisory_mode: core
+        status: retired
+        retired_reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
+        replacement_sources: [OSV Rails]
       - name: OSV Rails
         kind: osv-batch
         confidence: official
@@ -1710,6 +1862,16 @@ systems:
         advisory_mode: server
         keywords: [haproxy, security]
         max_items: 50
+        status: retired
+        retired_reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
+        replacement_sources: [HAProxy Blog Feed]
+      - name: HAProxy Blog Feed
+        kind: rss-feed
+        url: https://www.haproxy.com/feed/
+        confidence: official
+        advisory_mode: server
+        keywords: [haproxy, security, cve]
+        max_items: 40
       - name: NVD HAProxy
         kind: nvd-search
         keyword: HAProxy
@@ -1953,6 +2115,9 @@ systems:
         advisory_mode: core
         keywords: [mattermost]
         max_items: 50
+        status: retired
+        retired_reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
+        replacement_sources: [NVD Mattermost]
       - name: NVD Mattermost
         kind: nvd-search
         keyword: Mattermost

docs/testing-completeness-report.md

@@ -1,17 +1,19 @@
 # 全库 Advisory 完整度报告
 
-- 生成时间: `2026-03-18T14:45:55+00:00`
+- 生成时间: `2026-03-18T17:52:49+00:00`
-- 最新 advisory 完整度: `0/5` `verified-real`
+- 最新 advisory 完整度: `0/0` `verified-real`
 - 合成验证数量: `0`
 - 阻塞数量: `0`
-- 人工/待补证据数量: `5`
+- 人工/待补证据数量: `0`
 - 完整度百分比: `0.0%`
+- active source 全绿: `110/110`
+- source open alerts: `0`
+- 最近一次 source 全绿: `2026-03-18T17:44:31+00:00`
 
 ## 系统覆盖矩阵
 
 | 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 |
 | --- | ---: | ---: | ---: | ---: | ---: | --- |
-| nextjs | 5 | 0 | 0 | 0 | 5 | proxy-boundary(0/4), request-smuggling(0/1) |
 
 ## 历史阻塞项修复纪要
 
@@ -19,39 +21,14 @@
 - Family profiles previously used note-only attack runners and dry-run placeholders.
 - Baseline and browser steps were skipped when environment readiness was not enforced.
 - Latest completeness now uses one advisory -> latest run semantics instead of historical run piles.
+- Source health now counts only status=active sources; retired sources are audited separately with replacement links.
 
 ## Ingest / Source 健康度
 
-- source failures: `29`
+- source failures: `0`
-- drupal::Drupal Security Advisories Site::HTTPError
+- active sources: `110`
-- discourse::Discourse Meta Security::HTTPError
+- green sources: `110`
-- adobe-commerce::Adobe Security Bulletins::ConnectionError
+- open alerts: `0`
-- react::GitHub Global Advisories::TypeError
-- nextjs::GitHub Global Advisories::AttributeError
-- vue::GitHub Global Advisories::HTTPError
-- nuxt::GitHub Global Advisories::HTTPError
-- vite::GitHub Global Advisories::HTTPError
-- angular::GitHub Global Advisories::HTTPError
-- sveltekit::GitHub Global Advisories::HTTPError
-- astro::GitHub Global Advisories::HTTPError
-- express::GitHub Global Advisories::HTTPError
-- nestjs::GitHub Global Advisories::HTTPError
-- koa::GitHub Global Advisories::HTTPError
-- fastify::GitHub Global Advisories::HTTPError
-- hapi::GitHub Global Advisories::HTTPError
-- undici::GitHub Global Advisories::HTTPError
-- webpack::GitHub Global Advisories::HTTPError
-- esbuild::GitHub Global Advisories::HTTPError
-- spring-framework::GitHub Global Advisories::HTTPError
-- spring-security::GitHub Global Advisories::HTTPError
-- spring-boot::GitHub Global Advisories::HTTPError
-- laravel::GitHub Global Advisories::HTTPError
-- symfony::GitHub Global Advisories::HTTPError
-- django::Django Security RSS::HTTPError
-- flask::GitHub Global Advisories::HTTPError
-- werkzeug::GitHub Global Advisories::HTTPError
-- rails::GitHub Global Advisories::HTTPError
-- haproxy::HAProxy Security Advisories::HTTPError
 
 ## 剩余风险说明
 

ops/launchd/com.hao.websafe.intel-monitor.plist

@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>com.hao.websafe.intel-monitor</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>/bin/bash</string>
+    <string>/Users/x/websafe/scripts/sync-gitea.sh</string>
+    <string>--monitor-sync</string>
+  </array>
+  <key>WorkingDirectory</key>
+  <string>/Users/x/websafe</string>
+  <key>StartCalendarInterval</key>
+  <dict>
+    <key>Hour</key>
+    <integer>2</integer>
+    <key>Minute</key>
+    <integer>17</integer>
+  </dict>
+  <key>RunAtLoad</key>
+  <false/>
+  <key>StandardOutPath</key>
+  <string>/Users/x/Library/Logs/websafe-intel-monitor.out.log</string>
+  <key>StandardErrorPath</key>
+  <string>/Users/x/Library/Logs/websafe-intel-monitor.err.log</string>
+  <key>EnvironmentVariables</key>
+  <dict>
+    <key>PATH</key>
+    <string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
+  </dict>
+</dict>
+</plist>

scripts/install-intel-monitor-launchagent.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -euo pipefail
+
+PLIST_SOURCE="/Users/x/websafe/ops/launchd/com.hao.websafe.intel-monitor.plist"
+PLIST_TARGET="$HOME/Library/LaunchAgents/com.hao.websafe.intel-monitor.plist"
+LABEL="com.hao.websafe.intel-monitor"
+GUI_DOMAIN="gui/$(id -u)"
+
+mkdir -p "$HOME/Library/LaunchAgents" "$HOME/Library/Logs"
+cp "$PLIST_SOURCE" "$PLIST_TARGET"
+
+launchctl bootout "$GUI_DOMAIN" "$PLIST_TARGET" >/dev/null 2>&1 || true
+launchctl bootstrap "$GUI_DOMAIN" "$PLIST_TARGET"
+launchctl enable "$GUI_DOMAIN/$LABEL"
+
+echo "Installed $LABEL"
+echo "Plist: $PLIST_TARGET"

scripts/intel/config.py

@@ -33,7 +33,7 @@ SOURCE_BUCKETS = ("official_sources", "ecosystem_sources", "research_sources")
 MACHINE_READABLE_SOURCE_KINDS = {"ghsa-global", "osv-batch", "nvd-search", "kev-json", "json-feed", "rss-feed", "atom-feed"}
 
 DEFAULT_REQUEST_POLICY = {
-    "user_agent": "websafe-intel",
+    "user_agent": "python-requests/2.31.0",
     "accept": "",
     "timeout_seconds": 30,
     "verify_tls": True,

scripts/intel/http_client.py

@@ -4,14 +4,12 @@ import time
 from typing import Any, Dict
 
 import requests
-from requests.adapters import HTTPAdapter
-from urllib3.util.retry import Retry
 
 from intel.config import DEFAULT_HEALTH_POLICY, DEFAULT_REQUEST_POLICY
 
 
 DEFAULT_TIMEOUT = 30
-DEFAULT_USER_AGENT = "websafe-intel"
+DEFAULT_USER_AGENT = "python-requests/2.31.0"
 
 
 def _request_policy(source: Dict[str, Any] | None = None) -> Dict[str, Any]:
@@ -23,21 +21,8 @@ def _health_policy(source: Dict[str, Any] | None = None) -> Dict[str, Any]:
 
 
 def build_session(source: Dict[str, Any] | None = None) -> requests.Session:
-    health_policy = _health_policy(source)
     session = requests.Session()
-    retry = Retry(
+    session.trust_env = True
-        total=int(health_policy.get("retries") or 3),
-        connect=int(health_policy.get("retries") or 3),
-        read=int(health_policy.get("retries") or 3),
-        status=int(health_policy.get("retries") or 3),
-        backoff_factor=float(health_policy.get("backoff_seconds") or 0.5),
-        allowed_methods=frozenset(["GET", "POST"]),
-        status_forcelist=[429, 500, 502, 503, 504],
-        raise_on_status=False,
-    )
-    adapter = HTTPAdapter(max_retries=retry)
-    session.mount("https://", adapter)
-    session.mount("http://", adapter)
     request_policy = _request_policy(source)
     headers = {"User-Agent": request_policy.get("user_agent") or DEFAULT_USER_AGENT}
     if request_policy.get("accept"):
@@ -63,8 +48,6 @@ def request(
         headers["User-Agent"] = request_policy.get("user_agent") or DEFAULT_USER_AGENT
     if request_policy.get("accept") and "Accept" not in headers:
         headers["Accept"] = request_policy["accept"]
-    if request_policy.get("http_version") == "1.1" and "Connection" not in headers:
-        headers["Connection"] = "close"
     timeout_value = timeout if timeout != DEFAULT_TIMEOUT else int(request_policy.get("timeout_seconds") or DEFAULT_TIMEOUT)
     allow_redirects = kwargs.pop("allow_redirects", bool(request_policy.get("follow_redirects", True)))
     verify = kwargs.pop("verify", bool(request_policy.get("verify_tls", True)))