From 49fe46ab8903d31defff63176e5a526bc31df89e Mon Sep 17 00:00:00 2001 
From: hao
Date: Thu, 19 Mar 2026 16:45:07 -0700
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0:=20114=20=E4=B8=AA=E6=96=87?= =?UTF-8?q?=E4=BB=B6=20-=202026-03-19=2016:45:07?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 07-framework-security/cms/directus/INDEX.md | 2 +-
 07-framework-security/cms/discourse/INDEX.md | 2 +-
 07-framework-security/cms/drupal/INDEX.md | 2 +-
 07-framework-security/cms/ghost/INDEX.md | 2 +-
 07-framework-security/cms/joomla/INDEX.md | 2 +-
 07-framework-security/cms/mediawiki/INDEX.md | 2 +-
 07-framework-security/cms/moodle/INDEX.md | 2 +-
 07-framework-security/cms/strapi/INDEX.md | 2 +-
 07-framework-security/cms/wordpress/INDEX.md | 2 +-
 .../ecommerce/adobe-commerce/INDEX.md | 2 +-
 .../ecommerce/magento-open-source/INDEX.md | 2 +-
 .../ecommerce/medusa/INDEX.md | 2 +-
 .../ecommerce/opencart/INDEX.md | 2 +-
 .../ecommerce/openmage/INDEX.md | 2 +-
 .../ecommerce/prestashop/INDEX.md | 2 +-
 .../ecommerce/saleor/INDEX.md | 2 +-
 .../ecommerce/shopware/INDEX.md | 2 +-
 .../ecommerce/woocommerce/INDEX.md | 2 +-
 .../frameworks/angular/INDEX.md | 2 +-
 .../frameworks/aspnet-core/INDEX.md | 2 +-
 .../frameworks/astro/INDEX.md | 2 +-
 .../frameworks/django/INDEX.md | 2 +-
 .../frameworks/echo/INDEX.md | 2 +-
 .../frameworks/esbuild/INDEX.md | 2 +-
 .../frameworks/express/INDEX.md | 2 +-
 .../frameworks/fastify/INDEX.md | 2 +-
 .../frameworks/flask/INDEX.md | 2 +-
 07-framework-security/frameworks/gin/INDEX.md | 2 +-
 .../frameworks/hapi/INDEX.md | 2 +-
 07-framework-security/frameworks/koa/INDEX.md | 2 +-
 .../frameworks/laravel/INDEX.md | 2 +-
 .../frameworks/nestjs/INDEX.md | 2 +-
 .../frameworks/nextjs/INDEX.md | 12 +-
 .../nextjs/cases/nextjs-cve-2026-27977.md | 3 +-
 .../nextjs/cases/nextjs-cve-2026-27978.md | 3 +-
 .../nextjs/cases/nextjs-cve-2026-27979.md | 3 +-
 .../nextjs/cases/nextjs-cve-2026-27980.md | 11 +-
 .../nextjs/cases/nextjs-cve-2026-29057.md | 2 +-
 .../frameworks/nodejs/INDEX.md | 2 +-
 .../frameworks/nuxt/INDEX.md | 2 +-
 .../frameworks/rails/INDEX.md | 2 +-
 .../frameworks/react/INDEX.md | 2 +-
 .../frameworks/spring-boot/INDEX.md | 2 +-
 .../frameworks/spring-framework/INDEX.md | 2 +-
 .../frameworks/spring-security/INDEX.md | 2 +-
 .../frameworks/sveltekit/INDEX.md | 2 +-
 .../frameworks/symfony/INDEX.md | 2 +-
 .../frameworks/undici/INDEX.md | 2 +-
 .../frameworks/vite/INDEX.md | 2 +-
 07-framework-security/frameworks/vue/INDEX.md | 2 +-
 .../frameworks/webpack/INDEX.md | 2 +-
 .../frameworks/werkzeug/INDEX.md | 2 +-
 .../platforms/adminer/INDEX.md | 2 +-
 .../platforms/gitea/INDEX.md | 2 +-
 .../platforms/gitlab-ce/INDEX.md | 2 +-
 .../platforms/grafana/INDEX.md | 2 +-
 .../platforms/jenkins/INDEX.md | 2 +-
 .../platforms/kibana/INDEX.md | 12 +-
 .../platforms/mattermost/INDEX.md | 11 +-
 .../cases/mattermost-cve-2026-22545.md | 113 +
 .../platforms/phpmyadmin/INDEX.md | 2 +-
 .../platforms/redmine/INDEX.md | 2 +-
 .../servers/apache-httpd/INDEX.md | 2 +-
 .../servers/apache-tomcat/INDEX.md | 2 +-
 07-framework-security/servers/caddy/INDEX.md | 2 +-
 .../servers/haproxy/INDEX.md | 2 +-
 07-framework-security/servers/nginx/INDEX.md | 2 +-
 .../servers/traefik/INDEX.md | 2 +-
 08-threat-intel/generated/coverage-matrix.md | 6 +-
 .../generated/dashboard/advisories.json | 609 ++-
 .../generated/dashboard/architecture.json | 12 +-
 .../dashboard/data/completeness.json | 30 +-
 .../dashboard/data/monitor-summary.json | 20 +-
 .../dashboard/data/source-catalog-audit.json | 231 +-
 .../dashboard/data/source-health.json | 428 +-
 .../dashboard/docs/architecture-library.html | 12 +-
 .../dashboard/docs/coverage-matrix.html | 6 +-
 .../dashboard/docs/retired-sources.html | 108 +
 .../dashboard/docs/source-catalog-audit.html | 15 +-
 .../generated/dashboard/docs/source-map.html | 27 +
 .../docs/testing-completeness-report.html | 10 +-
 .../generated/dashboard/summary.json | 108 +-
 .../generated/dashboard/systems.json | 94 +-
 08-threat-intel/generated/latest-ingest.md | 12 +-
 .../generated/monitor-summary.json | 20 +-
 .../generated/retired-sources.json | 108 +
 08-threat-intel/generated/run-summary.json | 18 +-
 .../generated/source-catalog-audit.json | 231 +-
 .../generated/source-catalog-audit.md | 15 +-
 08-threat-intel/generated/source-health.json | 428 +-
 .../advisories/kibana--012933e759.json | 60 +
 .../advisories/kibana--0fcd01159e.json | 59 +
 .../advisories/kibana--4bfdbe9da9.json | 61 +
 .../advisories/kibana--4d0ef3a07b.json | 60 +
 .../advisories/kibana--844efe5dac.json | 61 +
 .../advisories/kibana--ca14c406d9.json | 62 +
 .../mattermost--CVE-2026-22545.json | 83 +
 .../advisories/nextjs--CVE-2026-27977.json | 3 +-
 .../advisories/nextjs--CVE-2026-27978.json | 3 +-
 .../advisories/nextjs--CVE-2026-27979.json | 3 +-
 .../advisories/nextjs--CVE-2026-27980.json | 11 +-
 .../advisories/nextjs--CVE-2026-29057.json | 2 +-
 .../monitoring/2026-03-19T23-44-51+00-00.json | 3975 +++++++++++++++++
 08-threat-intel/registry/systems/kibana.json | 14 +-
 .../registry/systems/mattermost.json | 7 +-
 08-threat-intel/registry/systems/nextjs.json | 2 +-
 .../registry/triage/kibana--012933e759.json | 12 +
 .../registry/triage/kibana--0fcd01159e.json | 12 +
 .../registry/triage/kibana--4bfdbe9da9.json | 12 +
 .../registry/triage/kibana--4d0ef3a07b.json | 12 +
 .../registry/triage/kibana--844efe5dac.json | 12 +
 .../registry/triage/kibana--ca14c406d9.json | 12 +
 08-threat-intel/source-map.yaml | 27 +
 docs/testing-completeness-report.md | 10 +-
 114 files changed, 6388 insertions(+), 1023 deletions(-)
 create mode 100644 07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-22545.md
 create mode 100644 08-threat-intel/registry/advisories/kibana--012933e759.json
 create mode 100644 08-threat-intel/registry/advisories/kibana--0fcd01159e.json
 create mode 100644 08-threat-intel/registry/advisories/kibana--4bfdbe9da9.json
 create mode 100644 08-threat-intel/registry/advisories/kibana--4d0ef3a07b.json
 create mode 100644 08-threat-intel/registry/advisories/kibana--844efe5dac.json
 create mode 100644 08-threat-intel/registry/advisories/kibana--ca14c406d9.json
 create mode 100644 08-threat-intel/registry/advisories/mattermost--CVE-2026-22545.json
 create mode 100644 08-threat-intel/registry/monitoring/2026-03-19T23-44-51+00-00.json
 create mode 100644 08-threat-intel/registry/triage/kibana--012933e759.json
 create mode 100644 08-threat-intel/registry/triage/kibana--0fcd01159e.json
 create mode 100644 08-threat-intel/registry/triage/kibana--4bfdbe9da9.json
 create mode 100644 08-threat-intel/registry/triage/kibana--4d0ef3a07b.json
 create mode 100644 08-threat-intel/registry/triage/kibana--844efe5dac.json
 create mode 100644 08-threat-intel/registry/triage/kibana--ca14c406d9.json
diff --git a/07-framework-security/cms/directus/INDEX.md b/07-framework-security/cms/directus/INDEX.md
index b0e7628e..ece73b09 100644
--- a/07-framework-security/cms/directus/INDEX.md
+++ b/07-framework-security/cms/directus/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `29`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/discourse/INDEX.md b/07-framework-security/cms/discourse/INDEX.md
index 879c419b..0a1f6276 100644
--- a/07-framework-security/cms/discourse/INDEX.md
+++ b/07-framework-security/cms/discourse/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `30`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/drupal/INDEX.md b/07-framework-security/cms/drupal/INDEX.md
index 89b301e3..a36c198e 100644
--- a/07-framework-security/cms/drupal/INDEX.md
+++ b/07-framework-security/cms/drupal/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `70`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/ghost/INDEX.md b/07-framework-security/cms/ghost/INDEX.md
index eab9fdf5..11559fbb 100644
--- a/07-framework-security/cms/ghost/INDEX.md
+++ b/07-framework-security/cms/ghost/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `23`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/joomla/INDEX.md b/07-framework-security/cms/joomla/INDEX.md
index e3fe0fc1..da18f32e 100644
--- a/07-framework-security/cms/joomla/INDEX.md
+++ b/07-framework-security/cms/joomla/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `100`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/mediawiki/INDEX.md b/07-framework-security/cms/mediawiki/INDEX.md
index 2137f382..c7534ee5 100644
--- a/07-framework-security/cms/mediawiki/INDEX.md
+++ b/07-framework-security/cms/mediawiki/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `70`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/moodle/INDEX.md b/07-framework-security/cms/moodle/INDEX.md
index 08088c89..81632db0 100644
--- a/07-framework-security/cms/moodle/INDEX.md
+++ b/07-framework-security/cms/moodle/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `40`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/strapi/INDEX.md b/07-framework-security/cms/strapi/INDEX.md
index 9b8a7c06..08ec5573 100644
--- a/07-framework-security/cms/strapi/INDEX.md
+++ b/07-framework-security/cms/strapi/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `26`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/wordpress/INDEX.md b/07-framework-security/cms/wordpress/INDEX.md
index 9731259a..800ea3cc 100644
--- a/07-framework-security/cms/wordpress/INDEX.md
+++ b/07-framework-security/cms/wordpress/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `140`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/adobe-commerce/INDEX.md b/07-framework-security/ecommerce/adobe-commerce/INDEX.md
index dcee621b..23b293d4 100644
--- a/07-framework-security/ecommerce/adobe-commerce/INDEX.md
+++ b/07-framework-security/ecommerce/adobe-commerce/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `81`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/magento-open-source/INDEX.md b/07-framework-security/ecommerce/magento-open-source/INDEX.md
index 398d5e0b..229afe8e 100644
--- a/07-framework-security/ecommerce/magento-open-source/INDEX.md
+++ b/07-framework-security/ecommerce/magento-open-source/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `89`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/medusa/INDEX.md b/07-framework-security/ecommerce/medusa/INDEX.md
index c7b6a5cb..3ab48fad 100644
--- a/07-framework-security/ecommerce/medusa/INDEX.md
+++ b/07-framework-security/ecommerce/medusa/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `15`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/opencart/INDEX.md b/07-framework-security/ecommerce/opencart/INDEX.md
index 62e80d94..f6e58ea9 100644
--- a/07-framework-security/ecommerce/opencart/INDEX.md
+++ b/07-framework-security/ecommerce/opencart/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `100`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/openmage/INDEX.md b/07-framework-security/ecommerce/openmage/INDEX.md
index 148aba52..c538d102 100644
--- a/07-framework-security/ecommerce/openmage/INDEX.md
+++ b/07-framework-security/ecommerce/openmage/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `27`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/prestashop/INDEX.md b/07-framework-security/ecommerce/prestashop/INDEX.md
index de498bc4..557cbbc6 100644
--- a/07-framework-security/ecommerce/prestashop/INDEX.md
+++ b/07-framework-security/ecommerce/prestashop/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `112`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/saleor/INDEX.md b/07-framework-security/ecommerce/saleor/INDEX.md
index 4dfbb4f1..ab9c6b19 100644
--- a/07-framework-security/ecommerce/saleor/INDEX.md
+++ b/07-framework-security/ecommerce/saleor/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `24`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/shopware/INDEX.md b/07-framework-security/ecommerce/shopware/INDEX.md
index 04f350e5..f9eb3590 100644
--- a/07-framework-security/ecommerce/shopware/INDEX.md
+++ b/07-framework-security/ecommerce/shopware/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `71`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/woocommerce/INDEX.md b/07-framework-security/ecommerce/woocommerce/INDEX.md
index 6feb35b9..723e42c2 100644
--- a/07-framework-security/ecommerce/woocommerce/INDEX.md
+++ b/07-framework-security/ecommerce/woocommerce/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `111`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/angular/INDEX.md b/07-framework-security/frameworks/angular/INDEX.md
index a7a966ee..622f78b9 100644
--- a/07-framework-security/frameworks/angular/INDEX.md
+++ b/07-framework-security/frameworks/angular/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `2`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/aspnet-core/INDEX.md b/07-framework-security/frameworks/aspnet-core/INDEX.md
index 9e9fa120..cfd09b84 100644
--- a/07-framework-security/frameworks/aspnet-core/INDEX.md
+++ b/07-framework-security/frameworks/aspnet-core/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `3`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/astro/INDEX.md b/07-framework-security/frameworks/astro/INDEX.md
index 9a80ba43..4271b564 100644
--- a/07-framework-security/frameworks/astro/INDEX.md
+++ b/07-framework-security/frameworks/astro/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `14`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/django/INDEX.md b/07-framework-security/frameworks/django/INDEX.md
index 75dadb1f..4baaf20a 100644
--- a/07-framework-security/frameworks/django/INDEX.md
+++ b/07-framework-security/frameworks/django/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `82`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/echo/INDEX.md b/07-framework-security/frameworks/echo/INDEX.md
index a93df2b6..538969b3 100644
--- a/07-framework-security/frameworks/echo/INDEX.md
+++ b/07-framework-security/frameworks/echo/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `2`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/esbuild/INDEX.md b/07-framework-security/frameworks/esbuild/INDEX.md
index c6489c3e..b516696c 100644
--- a/07-framework-security/frameworks/esbuild/INDEX.md
+++ b/07-framework-security/frameworks/esbuild/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/express/INDEX.md b/07-framework-security/frameworks/express/INDEX.md
index 79804aa7..5e952c3a 100644
--- a/07-framework-security/frameworks/express/INDEX.md
+++ b/07-framework-security/frameworks/express/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/fastify/INDEX.md b/07-framework-security/frameworks/fastify/INDEX.md
index 8b4f87ea..fdba21d9 100644
--- a/07-framework-security/frameworks/fastify/INDEX.md
+++ b/07-framework-security/frameworks/fastify/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/flask/INDEX.md b/07-framework-security/frameworks/flask/INDEX.md
index 77a440e8..de9f531a 100644
--- a/07-framework-security/frameworks/flask/INDEX.md
+++ b/07-framework-security/frameworks/flask/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/gin/INDEX.md b/07-framework-security/frameworks/gin/INDEX.md
index b31326df..237297d3 100644
--- a/07-framework-security/frameworks/gin/INDEX.md
+++ b/07-framework-security/frameworks/gin/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/hapi/INDEX.md b/07-framework-security/frameworks/hapi/INDEX.md
index b2bed931..b4149e2a 100644
--- a/07-framework-security/frameworks/hapi/INDEX.md
+++ b/07-framework-security/frameworks/hapi/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/koa/INDEX.md b/07-framework-security/frameworks/koa/INDEX.md
index 2a1a53c5..cb81ee1b 100644
--- a/07-framework-security/frameworks/koa/INDEX.md
+++ b/07-framework-security/frameworks/koa/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/laravel/INDEX.md b/07-framework-security/frameworks/laravel/INDEX.md
index bdd094c0..1a7b2696 100644
--- a/07-framework-security/frameworks/laravel/INDEX.md
+++ b/07-framework-security/frameworks/laravel/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `2`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/nestjs/INDEX.md b/07-framework-security/frameworks/nestjs/INDEX.md
index 4e476d62..c026bfdc 100644
--- a/07-framework-security/frameworks/nestjs/INDEX.md
+++ b/07-framework-security/frameworks/nestjs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `2`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/nextjs/INDEX.md b/07-framework-security/frameworks/nextjs/INDEX.md
index 8b931e92..a4e01195 100644
--- a/07-framework-security/frameworks/nextjs/INDEX.md
+++ b/07-framework-security/frameworks/nextjs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `40`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
@@ -32,11 +32,11 @@
 | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
 |------|--------|----------|----------|----------|------------|----------|--------|
-| Next.js: HTTP request smuggling in rewrites | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-18T22:02:16.858114Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md) |
-| Next.js: Unbounded next/image disk cache growth can exhaust storage | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:33.597080Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md) |
-| Next.js: Unbounded postponed resume buffering can lead to DoS | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:34.160932Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md) |
-| Next.js: null origin can bypass Server Actions CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:43.484729Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md) |
-| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:26.028580Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |
+| Next.js: HTTP request smuggling in rewrites | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T17:59:01.302251Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md) |
+| Next.js: Unbounded next/image disk cache growth can exhaust storage | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:47:09.413134Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md) |
+| Next.js: Unbounded postponed resume buffering can lead to DoS | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:48:06.587119Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md) |
+| Next.js: null origin can bypass Server Actions CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:31:23.523529Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md) |
+| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:32:38.608475Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |
 | Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
 | Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
 | Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md
index 09cf7bec..8879ab9b 100644
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md
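Review bot: The five re-rendered rows in the `@@ -32,11 +32,11 @@` hunk of `frameworks/nextjs/INDEX.md` still link to their case pages through an absolute workstation path (`/Users/x/websafe/...`), which resolves only on the machine that rendered the file and publishes a local directory layout in the repository. A path relative to the INDEX.md works from any checkout, e.g. `[link](cases/nextjs-cve-2026-29057.md)`. The unchanged context rows carry the same prefix, so this is presumably renderer output; the fix likely belongs in the generator (make the link target relative to the index file) rather than in each INDEX.md.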
@@ -4,7 +4,7 @@ system_id: "nextjs"
 category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-17T15:29:48Z"
-updated_date: "2026-03-17T15:46:26.028580Z"
+updated_date: "2026-03-19T18:32:38.608475Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
@@ -56,6 +56,7 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7
 ## 其他来源
+- https://nvd.nist.gov/vuln/detail/CVE-2026-27977
 - https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a
 - https://github.com/vercel/next.js
 - https://github.com/vercel/next.js/releases/tag/v16.1.7
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md
index 0aaa6be4..1966c1ff 100644
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md
@@ -4,7 +4,7 @@ system_id: "nextjs"
 category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-17T15:30:14Z"
-updated_date: "2026-03-17T15:46:43.484729Z"
+updated_date: "2026-03-19T18:31:23.523529Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
@@ -56,6 +56,7 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-mq59
 ## 其他来源
+- https://nvd.nist.gov/vuln/detail/CVE-2026-27978
 - https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8
 - https://github.com/vercel/next.js
 - https://github.com/vercel/next.js/releases/tag/v16.1.7
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md
index ce693495..70b4c861 100644
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md
@@ -4,7 +4,7 @@ system_id: "nextjs"
 category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-17T16:16:49Z"
-updated_date: "2026-03-17T16:31:34.160932Z"
+updated_date: "2026-03-19T18:48:06.587119Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
@@ -56,6 +56,7 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-h27x
 ## 其他来源
+- https://nvd.nist.gov/vuln/detail/CVE-2026-27979
 - https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1
 - https://github.com/vercel/next.js
 - https://github.com/vercel/next.js/releases/tag/v16.1.7
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md
index a9bf3d87..a3ae2edf 100644
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md
@@ -4,7 +4,7 @@ system_id: "nextjs"
 category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-17T16:17:06Z"
-updated_date: "2026-03-17T16:31:33.597080Z"
+updated_date: "2026-03-19T18:47:09.413134Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
@@ -23,9 +23,11 @@ aliases:
 - "CVE-2026-27980"
 - "GHSA-3x4c-7xq6-9pq8"
 affected_versions:
- - "introduced=10.0.0, fixed<16.1.7"
+ - "introduced=16.0.0-beta.0, fixed<16.1.7"
+ - "introduced=10.0.0, fixed<15.5.14"
 fixed_versions:
 - "16.1.7"
+ - "15.5.14"
 secure_code_topics:
 - "authz-server-side-recheck"
 - "proxy-trust-boundary"
@@ -51,11 +53,12 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c
 - 严重度: `medium`
 - 来源置信度: `official`
 - 官方主源: https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8
-- 影响版本: `introduced=10.0.0, fixed<16.1.7`
-- 修复版本: `16.1.7`
+- 影响版本: `introduced=16.0.0-beta.0, fixed<16.1.7, introduced=10.0.0, fixed<15.5.14`
+- 修复版本: `16.1.7, 15.5.14`
 ## 其他来源
+- https://nvd.nist.gov/vuln/detail/CVE-2026-27980
 - https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd
 - https://github.com/vercel/next.js
 - https://github.com/vercel/next.js/releases/tag/v16.1.7
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md
index 8a4eed4f..3a48c6c1 100644
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md
@@ -4,7 +4,7 @@ system_id: "nextjs"
 category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-17T16:17:15Z"
-updated_date: "2026-03-18T22:02:16.858114Z"
+updated_date: "2026-03-19T17:59:01.302251Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
diff --git a/07-framework-security/frameworks/nodejs/INDEX.md b/07-framework-security/frameworks/nodejs/INDEX.md
index c60aa3f8..5a6a2ad8 100644
--- a/07-framework-security/frameworks/nodejs/INDEX.md
+++ b/07-framework-security/frameworks/nodejs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `8`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/nuxt/INDEX.md b/07-framework-security/frameworks/nuxt/INDEX.md
index bf279391..7d2d80ca 100644
--- a/07-framework-security/frameworks/nuxt/INDEX.md
+++ b/07-framework-security/frameworks/nuxt/INDEX.md
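Review bot: In the `@@ -51,11 +53,12 @@` hunk of `nextjs-cve-2026-27980.md`, the new 影响版本 line joins the two affected ranges with the same `, ` that separates `introduced` from `fixed` inside each range, so the rendered text no longer shows where one range ends and the next begins. The front matter in the `@@ -23,9 +23,11 @@` hunk keeps them as two list items, and the body should preserve that boundary, for example by giving each range its own code span separated by `; `, or one bullet per range. The same applies when pairing ranges with fixes: as written, a reader on the 15.x line has to infer that `15.5.14`, not `16.1.7`, is the release that applies to them. If the body is rendered from the front matter, the join belongs in the renderer.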
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `28`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/rails/INDEX.md b/07-framework-security/frameworks/rails/INDEX.md
index 0e2a87e5..cd7c2e81 100644
--- a/07-framework-security/frameworks/rails/INDEX.md
+++ b/07-framework-security/frameworks/rails/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `42`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/react/INDEX.md b/07-framework-security/frameworks/react/INDEX.md
index 79f0c5e7..75a64703 100644
--- a/07-framework-security/frameworks/react/INDEX.md
+++ b/07-framework-security/frameworks/react/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `21`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/spring-boot/INDEX.md b/07-framework-security/frameworks/spring-boot/INDEX.md
index a4af6fe5..3ef062a4 100644
--- a/07-framework-security/frameworks/spring-boot/INDEX.md
+++ b/07-framework-security/frameworks/spring-boot/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `2`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/spring-framework/INDEX.md b/07-framework-security/frameworks/spring-framework/INDEX.md
index f69df6d8..a4e22a63 100644
--- a/07-framework-security/frameworks/spring-framework/INDEX.md
+++ b/07-framework-security/frameworks/spring-framework/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `11`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/spring-security/INDEX.md b/07-framework-security/frameworks/spring-security/INDEX.md
index 417b78cc..0b403e53 100644
--- a/07-framework-security/frameworks/spring-security/INDEX.md
+++ b/07-framework-security/frameworks/spring-security/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `3`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/sveltekit/INDEX.md b/07-framework-security/frameworks/sveltekit/INDEX.md
index 68dfdcd3..e4b37cb5 100644
--- a/07-framework-security/frameworks/sveltekit/INDEX.md
+++ b/07-framework-security/frameworks/sveltekit/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `3`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/symfony/INDEX.md b/07-framework-security/frameworks/symfony/INDEX.md
index f6754118..a75aa4f8 100644
--- a/07-framework-security/frameworks/symfony/INDEX.md
+++ b/07-framework-security/frameworks/symfony/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `9`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/undici/INDEX.md b/07-framework-security/frameworks/undici/INDEX.md
index 06f59e9d..ca56feee 100644
--- a/07-framework-security/frameworks/undici/INDEX.md
+++ b/07-framework-security/frameworks/undici/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `9`
-- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/vite/INDEX.md b/07-framework-security/frameworks/vite/INDEX.md
index 3125f827..210c3c09 100644
--- a/07-framework-security/frameworks/vite/INDEX.md
+++ b/07-framework-security/frameworks/vite/INDEX.md
@@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `30` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/frameworks/vue/INDEX.md b/07-framework-security/frameworks/vue/INDEX.md index 9b6c2d50..22123a57 100644 --- a/07-framework-security/frameworks/vue/INDEX.md +++ b/07-framework-security/frameworks/vue/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `15` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/frameworks/webpack/INDEX.md b/07-framework-security/frameworks/webpack/INDEX.md index c7371e0e..d817f72f 100644 --- a/07-framework-security/frameworks/webpack/INDEX.md +++ b/07-framework-security/frameworks/webpack/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `1` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/frameworks/werkzeug/INDEX.md b/07-framework-security/frameworks/werkzeug/INDEX.md index 2f5a15a6..f91738e3 100644 --- a/07-framework-security/frameworks/werkzeug/INDEX.md +++ b/07-framework-security/frameworks/werkzeug/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `1` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/adminer/INDEX.md b/07-framework-security/platforms/adminer/INDEX.md index e97fe7af..32fe6a4f 100644 --- a/07-framework-security/platforms/adminer/INDEX.md +++ b/07-framework-security/platforms/adminer/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `2` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/gitea/INDEX.md b/07-framework-security/platforms/gitea/INDEX.md index 8a9ccdb0..d48aa6d4 100644 --- a/07-framework-security/platforms/gitea/INDEX.md 
+++ b/07-framework-security/platforms/gitea/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `13` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/gitlab-ce/INDEX.md b/07-framework-security/platforms/gitlab-ce/INDEX.md index ea2ee024..ed99fe53 100644 --- a/07-framework-security/platforms/gitlab-ce/INDEX.md +++ b/07-framework-security/platforms/gitlab-ce/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `55` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/grafana/INDEX.md b/07-framework-security/platforms/grafana/INDEX.md index 140a6c7e..ce42dc30 100644 --- a/07-framework-security/platforms/grafana/INDEX.md +++ b/07-framework-security/platforms/grafana/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `60` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/jenkins/INDEX.md b/07-framework-security/platforms/jenkins/INDEX.md index 9506dbcb..fbbb056e 100644 --- a/07-framework-security/platforms/jenkins/INDEX.md +++ b/07-framework-security/platforms/jenkins/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `60` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/kibana/INDEX.md b/07-framework-security/platforms/kibana/INDEX.md index 0e2f41fc..133f5e2f 100644 --- a/07-framework-security/platforms/kibana/INDEX.md +++ b/07-framework-security/platforms/kibana/INDEX.md 
@@ -5,14 +5,14 @@ - 系统 ID: `kibana` - 分类: `platforms` - 覆盖策略: `rolling-24m` -- 总案例数: `41` +- 总案例数: `47` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` - 已实证(真实版本): `0` - 已实证(synthetic): `0` - 阻塞数: `0` -- 待人工/缺浏览器证据: `41` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 待人工/缺浏览器证据: `47` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 @@ -32,6 +32,12 @@ | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | |------|--------|----------|----------|----------|------------|----------|--------| +| Kibana 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-20) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 19 Mar 2026 16:59:58 +0000` | - | +| Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 19 Mar 2026 16:59:18 +0000` | - | +| Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-11) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 19 Mar 2026 16:56:17 +0000` | - | +| Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 19 Mar 2026 16:54:15 +0000` | - | +| Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 19 Mar 2026 16:53:51 +0000` | - | +| Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 19 Mar 2026 16:51:08 +0000` | - | | Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-13) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-04) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-34) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | 
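Review bot: Four of the six rows added to the Kibana table are not Kibana advisories: ESA-2026-18 (Elasticsearch), ESA-2026-11 (Packetbeat), ESA-2026-09 (Metricbeat) and ESA-2026-06 (Logstash) are filed under system `kibana` and counted in `总案例数: 47`, so the index overstates Kibana exposure and can misdirect patch triage. All six rows also carry severity `unknown`, although the advisory text this commit stores in advisories.json gives a CVSS rating for the entries visible there (Medium 6.5 for ESA-2026-20, High 7.2 for ESA-2026-18). I would match the product name in the feed title before assigning the system ID, and fill the severity cell from the advisory's CVSS line, e.g. `medium` for the ESA-2026-20 row.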
diff --git a/07-framework-security/platforms/mattermost/INDEX.md b/07-framework-security/platforms/mattermost/INDEX.md index 01b0ae7e..c5002e54 100644 --- a/07-framework-security/platforms/mattermost/INDEX.md +++ b/07-framework-security/platforms/mattermost/INDEX.md @@ -5,14 +5,14 @@ - 系统 ID: `mattermost` - 分类: `platforms` - 覆盖策略: `rolling-24m` -- 总案例数: `20` -- 近 30 天新增/更新: `19` -- 重点 Markdown 案例数: `20` +- 总案例数: `21` +- 近 30 天新增/更新: `20` +- 重点 Markdown 案例数: `21` - 已实证(真实版本): `0` - 已实证(synthetic): `0` - 阻塞数: `0` -- 待人工/缺浏览器证据: `20` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 待人工/缺浏览器证据: `21` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 @@ -34,6 +34,7 @@ | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | |------|--------|----------|----------|----------|------------|----------|--------| | Issue Identifier | `severity` | `generated` | `triage-manual` | `synthetic` | `official` | `Fix Release Date` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-issue-identifier.md) | +| Mattermost fails to validate user's authentication method when processing account auth type switch | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-19T19:31:20.982512Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-22545.md) | | MMSA-2025-00553 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-4265.md) | | MMSA-2026-00574 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00574.md) | | MMSA-2026-00603 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00603.md) | 
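Review bot: The link in the added CVE-2026-22545 row points at `/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-22545.md`, an absolute path on the machine that rendered the index; it resolves nowhere else and publishes the local directory layout. A path relative to this INDEX.md, `[link](cases/mattermost-cve-2026-22545.md)`, would work, and the same applies to every link under 修复示例 in the new case file. Separately, the unchanged first row (`Issue Identifier` / `severity` / `Fix Release Date`) looks like a scraped table header ingested as a case and appears to be included in the new count of `21`; worth confirming and filtering it out in the generator.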
diff --git a/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-22545.md b/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-22545.md new file mode 100644 index 00000000..16b52c91 --- /dev/null +++ b/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-22545.md 
@@ -0,0 +1,113 @@ +--- +title: "Mattermost fails to validate user's authentication method when processing account auth type switch" +system_id: "mattermost" +category: "platforms" +advisory_mode: "core" +published_date: "2026-03-16T15:30:47Z" +updated_date: "2026-03-19T19:31:20.982512Z" +severity: "low" +exploit_status: "unknown" +source_confidence: "ecosystem-authority" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" +target_types: + - "lab-local" + - "lab-public" + - "authorized-third-party" +allow_public_validation: "yes, with ownership or explicit authorization" +authorization_prerequisite: "asset ownership proof or explicit written authorization" +minimal_validation: "read-only probe, controlled payload, reversible test" +aliases: + - "CVE-2026-22545" + - "GHSA-rv67-7w2g-7976" +affected_versions: + - "introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988" + - "introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988" + - "introduced=10.11.0-rc1, fixed<10.11.11" + - "introduced=11.2.0-rc1, fixed<11.2.3" + - "introduced=11.3.0-rc1, fixed<11.3.1" +fixed_versions: + - "8.0.0-20260127144908-ced9a56e3988" + - "5.3.2-0.20260127144908-ced9a56e3988" + - "10.11.11" + - "11.2.3" + - "11.3.1" +secure_code_topics: + - "authz-server-side-recheck" + - "xss-output-encoding" + - "token-cookie-storage" + - "dependency-upgrade-policy" +primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2026-22545" +--- + +# Mattermost fails to validate user's authentication method when processing account auth type switch + +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + +## 事件层 + +- Canonical ID: `mattermost--CVE-2026-22545` +- 系统: `mattermost` +- 严重度: `low` +- 来源置信度: `ecosystem-authority` +- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2026-22545 +- 影响版本: `introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988, introduced=0, 
fixed<5.3.2-0.20260127144908-ced9a56e3988, introduced=10.11.0-rc1, fixed<10.11.11, introduced=11.2.0-rc1, fixed<11.2.3, introduced=11.3.0-rc1, fixed<11.3.1` +- 修复版本: `8.0.0-20260127144908-ced9a56e3988, 5.3.2-0.20260127144908-ced9a56e3988, 10.11.11, 11.2.3, 11.3.1` + +## 其他来源 + +- https://github.com/mattermost/mattermost/commit/ced9a56e3988fe9fd4559d45f9971dbd562e2218 +- https://github.com/mattermost/mattermost +- https://mattermost.com/security-updates + +## 实验层 + +- 仅用于自有资产、测试环境或已明确授权目标。 +- 允许公网可达目标,但必须满足资产归属或明确授权前提。 +- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。 +- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。 +- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作 + +## 修复示例 + +- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md) +- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md) +- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md) +- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md) +- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md) +- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md) +- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md) +- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md) +- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md) +- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md) +- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md) +- 
[php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md) +- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md) +- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md) +- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md) +- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md) +- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md) +- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md) +- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md) +- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md) +- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md) +- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md) +- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md) +- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md) +- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md) +- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md) +- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md) +- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md) +- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md) +- 
[ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md) +- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md) +- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md) diff --git a/07-framework-security/platforms/phpmyadmin/INDEX.md b/07-framework-security/platforms/phpmyadmin/INDEX.md index 6d2761b8..c983d21b 100644 --- a/07-framework-security/platforms/phpmyadmin/INDEX.md +++ b/07-framework-security/platforms/phpmyadmin/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `50` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/redmine/INDEX.md b/07-framework-security/platforms/redmine/INDEX.md index ba1b0666..d997959c 100644 --- a/07-framework-security/platforms/redmine/INDEX.md +++ b/07-framework-security/platforms/redmine/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `50` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/servers/apache-httpd/INDEX.md b/07-framework-security/servers/apache-httpd/INDEX.md index 1d15417f..e0356c89 100644 --- a/07-framework-security/servers/apache-httpd/INDEX.md +++ b/07-framework-security/servers/apache-httpd/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `135` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/servers/apache-tomcat/INDEX.md b/07-framework-security/servers/apache-tomcat/INDEX.md index 3d2a986a..1157778c 100644 --- a/07-framework-security/servers/apache-tomcat/INDEX.md +++ b/07-framework-security/servers/apache-tomcat/INDEX.md 
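Review bot: The front matter's `secure_code_topics` in mattermost-cve-2026-22545.md includes `xss-output-encoding` and `token-cookie-storage`, which nothing in this advisory supports; the title describes a missing check of the user's authentication method during an auth-type switch. Those two topics account for 16 of the 32 links under 修复示例, so a reader looking for the fix pattern gets mostly unrelated guidance. I would keep only `- "authz-server-side-recheck"` and `- "dependency-upgrade-policy"`. The page also gives no description of the flaw beyond the title, and the 影响版本 line joins five introduced/fixed ranges with commas, which makes the pairs hard to separate; a `; ` between ranges would help.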
@@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `136` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/servers/caddy/INDEX.md b/07-framework-security/servers/caddy/INDEX.md index c75a3dbf..37d5a364 100644 --- a/07-framework-security/servers/caddy/INDEX.md +++ b/07-framework-security/servers/caddy/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `27` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/servers/haproxy/INDEX.md b/07-framework-security/servers/haproxy/INDEX.md index cb3d2e78..7d9be5ca 100644 --- a/07-framework-security/servers/haproxy/INDEX.md +++ b/07-framework-security/servers/haproxy/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `6` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/servers/nginx/INDEX.md b/07-framework-security/servers/nginx/INDEX.md index 6d04857a..18dda0fd 100644 --- a/07-framework-security/servers/nginx/INDEX.md +++ b/07-framework-security/servers/nginx/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `110` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/07-framework-security/servers/traefik/INDEX.md b/07-framework-security/servers/traefik/INDEX.md index ff0b1511..c3388fa9 100644 --- a/07-framework-security/servers/traefik/INDEX.md +++ b/07-framework-security/servers/traefik/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `43` -- 最近渲染时间: `2026-03-19T09:30:57+00:00` +- 最近渲染时间: `2026-03-19T23:44:56+00:00` ## 目标约束 diff --git a/08-threat-intel/generated/coverage-matrix.md b/08-threat-intel/generated/coverage-matrix.md index 6138231e..cc63f062 100644 --- a/08-threat-intel/generated/coverage-matrix.md +++ b/08-threat-intel/generated/coverage-matrix.md 
@@ -28,16 +28,16 @@ | HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `6` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 25 Feb 2026 14:00:00 +0000` | | Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Joomla | `cms` | `history-full` | `yes` | `yes` | `100` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-03T01:03:51.193` | -| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `41` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `47` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `6` | `Thu, 19 Mar 2026 16:59:58 +0000` | | Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-26T23:36:36.294040Z` | | Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:15:34.333730Z` | | Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `89` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-20T01:37:25.860` | -| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `20` | `20` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` | +| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `21` | `21` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` | | MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `70` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `Wed, 22 Oct 2025 21:44:43 +0000` | | Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` | | Moodle | `cms` | `rolling-24m` | `-` 
| `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` | | NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` | -| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-18T22:02:16.858114Z` | +| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-19T18:48:06.587119Z` | | Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` | | Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` | | Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` | diff --git a/08-threat-intel/generated/dashboard/advisories.json b/08-threat-intel/generated/dashboard/advisories.json index 4792bac0..8966f62b 100644 --- a/08-threat-intel/generated/dashboard/advisories.json +++ b/08-threat-intel/generated/dashboard/advisories.json @@ -1838,6 +1838,195 @@ "refs": [] } }, + "kibana--844efe5dac": { + "canonical_id": "kibana--844efe5dac", + "title": "Kibana 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-20)", + "summary": "

Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service

\n

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.

\n

Affected Versions:

\n\n

Affected Configurations:

\n

The Timelion visualization plugin (visTypeTimelion) is enabled by default in Kibana and is listed under \"Legacy editors\" in the documentation.

\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.13, 9.2.7, 9.3.2.

\n

For Users that Cannot Upgrade:

\n

Self-hosted
\nUsers can set this property in the Kibana config YAML file vis_type_timelion.enabled: false

\n

Cloud
\nThere are no workaround

\n

Indicators of Compromise (IOC)

\n

Look for JavaScript heap out of memory or FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed errors in Kibana server logs, which indicate the Node.js process crashed due to memory exhaustion.

\n

Elastic Cloud Serverless

\n

Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.

\n

Severity: CVSSv3.1: Medium ( 6.5 ) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
\nCVE ID: CVE-2026-26940
\nProblem Type: CWE-1284 - Improper Validation of Specified Quantity in Input
\nImpact: CAPEC-130 - Excessive Allocation

\n

1 post - 1 participant

\n

Read full topic

", + "display_name": "Kibana", + "system_id": "kibana", + "category": "platforms", + "severity": "unknown", + "cvss_score": null, + "exploit_status": "unknown", + "published_at": "Thu, 19 Mar 2026 16:59:58 +0000", + "updated_at": "Thu, 19 Mar 2026 16:59:58 +0000", + "official_source_url": "https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535", + "secondary_source_urls": [], + "aliases": [], + "secure_code_topics": [ + "authz-server-side-recheck", + "xss-output-encoding", + "proxy-trust-boundary", + "plugin-extension-trust-policy", + "dependency-upgrade-policy" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "synthetic", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, + "kibana--ca14c406d9": { + "canonical_id": "kibana--ca14c406d9", + "title": "Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)", + "summary": "

Deserialization of Untrusted Data in Elasticsearch Leading to Remote Code Execution

\n

Dependency on Vulnerable Third-Party Component (CWE-1395) exists in PyTorch used by the machine learning model loading component in Elasticsearch that can allow an attacker to achieve remote code execution via Object Injection (CAPEC-586). Exploitation requires an attacker to have high-privileged access (the machine_learning_admin role) to upload and deploy a specially crafted, malicious model to the Elasticsearch cluster that triggers known vulnerabilities CVE-2025-32434.

\n

Affected Versions:

\n\n

Affected Configurations:

\n

The vulnerability affects Elasticsearch deployments that have ML nodes and where PyTorch-based NLP models can be uploaded and deployed.

\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.8, 9.1.8.

\n

For Users that Cannot Upgrade:

\n

Ensure that only trusted users are granted the machine_learning_admin role. Revoke this role from any users who do not have a legitimate need to upload or manage ML models.

\n

Disable ML entirely: If ML functionality is not required, set xpack.ml.enabled: false in elasticsearch.yml on all nodes. Note that this disables all ML features, not just PyTorch model loading.

\n

Only use models from trusted sources: As stated in the official Elastic documentation: \"PyTorch models can execute code on your Elasticsearch server, exposing your cluster to potential security vulnerabilities. Only use models from trusted sources and never use models from unverified or unknown providers.\"

\n

Elastic Cloud Serverless

\n

Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.

\n

Severity: CVSSv3.1: High ( 7.2 ) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
\nCVE ID: CVE-2025-32434
\nProblem Type: CWE-502 - Deserialization of Untrusted Data
\nImpact: CAPEC-586 - Object Injection

\n

1 post - 1 participant

\n

Read full topic

", + "display_name": "Kibana", + "system_id": "kibana", + "category": "platforms", + "severity": "unknown", + "cvss_score": null, + "exploit_status": "unknown", + "published_at": "Thu, 19 Mar 2026 16:59:18 +0000", + "updated_at": "Thu, 19 Mar 2026 16:59:18 +0000", + "official_source_url": "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-security-update-esa-2026-18/385534", + "secondary_source_urls": [], + "aliases": [], + "secure_code_topics": [ + "authz-server-side-recheck", + "xss-output-encoding", + "proxy-trust-boundary", + "file-upload-validation", + "dependency-upgrade-policy", + "deserialization-safety" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "synthetic", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, + "kibana--0fcd01159e": { + "canonical_id": "kibana--0fcd01159e", + "title": "Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-11)", + "summary": "

Improper Validation of Array Index in Packetbeat Leading to Denial of Service

\n

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.

\n

Affected Versions:

\n\n

Affected Configurations:
\nPacketbeat protocol parsing is enabled by default for configured protocols. Network traffic capture requires explicit configuration of network interfaces and protocols to monitor in packetbeat.yml. The vulnerable parsers are only active when their respective protocols are explicitly enabled in the configuration.

\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.11, 9.2.5.

\n

For Users that Cannot Upgrade:

\n

Network Segmentation: Ensure Packetbeat instances only monitor trusted network segments and implement network-level controls to prevent untrusted sources from sending traffic to monitored interfaces. This will reduce the likelihood of exploitation.

\n

Indicators of Compromise (IOC)

\n\n

Severity: CVSSv3.1: Medium ( 5.7 ) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
\nCVE ID: CVE-2026-26933
\nProblem Type: CWE-129 - Improper Validation of Array Index
\nImpact: CAPEC-153 - Input Data Manipulation

\n

1 post - 1 participant

\n

Read full topic

", + "display_name": "Kibana", + "system_id": "kibana", + "category": "platforms", + "severity": "unknown", + "cvss_score": null, + "exploit_status": "unknown", + "published_at": "Thu, 19 Mar 2026 16:56:17 +0000", + "updated_at": "Thu, 19 Mar 2026 16:56:17 +0000", + "official_source_url": "https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533", + "secondary_source_urls": [], + "aliases": [], + "secure_code_topics": [ + "authz-server-side-recheck", + "xss-output-encoding", + "proxy-trust-boundary" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "synthetic", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, + "kibana--4d0ef3a07b": { + "canonical_id": "kibana--4d0ef3a07b", + "title": "Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)", + "summary": "

Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service

\n

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).

\n

Affected Versions:

\n\n

Affected Configurations:
\nThe Prometheus remote_write module is not enabled by default in Metricbeat, so this issue only affects users who have enabled it.

\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.13, 9.2.5 .

\n

For Users that Cannot Upgrade:

\n
    \n
  1. Disable the remote_write module if it is not required for operations:\n
      \n
    • Remove or comment out the Prometheus remote_write configuration block in metricbeat.yml
    • \n
    • Restart Metricbeat to apply changes
    • \n
    \n
  2. \n
  3. Restrict network access using firewall rules or network policies:\n
      \n
    • Limit access to the remote_write endpoint to trusted Prometheus server IP addresses only
    • \n
    • Use host: \"localhost\" binding if the Prometheus server runs on the same host
    • \n
    \n
  4. \n
\n

Indicators of Compromise (IOC)

\n

Log Patterns:

\n\n

Audit Trail Indicators:

\n\n

Severity: CVSSv3.1: Medium ( 5.7 ) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
\nCVE ID: CVE-2026-26931
\nProblem Type: CWE-789 - Memory Allocation with Excessive Size Value
\nImpact: CAPEC-130 - Excessive Allocation

\n

1 post - 1 participant

\n

Read full topic

", + "display_name": "Kibana", + "system_id": "kibana", + "category": "platforms", + "severity": "unknown", + "cvss_score": null, + "exploit_status": "unknown", + "published_at": "Thu, 19 Mar 2026 16:54:15 +0000", + "updated_at": "Thu, 19 Mar 2026 16:54:15 +0000", + "official_source_url": "https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532", + "secondary_source_urls": [], + "aliases": [], + "secure_code_topics": [ + "authz-server-side-recheck", + "xss-output-encoding", + "proxy-trust-boundary", + "plugin-extension-trust-policy" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "synthetic", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, + "kibana--4bfdbe9da9": { + "canonical_id": "kibana--4bfdbe9da9", + "title": "Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06)", + "summary": "

Sensitive Information in Resource Not Removed Before Reuse in Logstash Leading to Access to Sensitive Information

\n

Dependency on Vulnerable Third-Party Component (CWE-1395) exists in org.lz4:lz4-java decompression library used by logstash-integration-kafka plugin in Logstash that could allow an attacker to access sensitive information from previous buffer contents via Input Data Manipulation (CAPEC-153). Exploitation requires the attacker to produce specially crafted, malformed compressed input to a Kafka topic consumed by Logstash, causing the decompression process to expose residual data from reused output buffers that were not cleared between operations - CVE-2025-66566.

\n

Affected Versions:

\n\n

Affected Configurations:
\nThis vulnerability is limited to Logstash deployments that have the logstash-integration-kafka plugin configured to consume from a Kafka topic to which the attacker can publish messages. The attacker requires network access to the Kafka cluster and sufficient Kafka-level permissions (e.g., Kafka ACLs, if configured) to publish messages to the target topic.

\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.10, 9.1.10, 9.2.4.

\n

For Users that Cannot Upgrade:

\n

The attacker requires network access to the Kafka cluster and sufficient Kafka-level permissions (e.g., Kafka ACLs, if configured) to publish messages to the target topic.

\n

Manually update the logstash-integration-kafka plugin to version 11.8.1 or higher using: bin/logstash-plugin update logstash-integration-kafka

\n

Severity: CVSSv3.1: Medium ( 5.9 ) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
\nCVE ID: CVE-2025-66566
\nProblem Type: CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
\nImpact: CAPEC-153 - Input Data Manipulation

\n

1 post - 1 participant

\n

Read full topic

", + "display_name": "Kibana", + "system_id": "kibana", + "category": "platforms", + "severity": "unknown", + "cvss_score": null, + "exploit_status": "unknown", + "published_at": "Thu, 19 Mar 2026 16:53:51 +0000", + "updated_at": "Thu, 19 Mar 2026 16:53:51 +0000", + "official_source_url": "https://discuss.elastic.co/t/logstash-8-19-10-9-1-10-9-2-4-security-update-esa-2026-06/385531", + "secondary_source_urls": [], + "aliases": [], + "secure_code_topics": [ + "authz-server-side-recheck", + "xss-output-encoding", + "proxy-trust-boundary", + "plugin-extension-trust-policy", + "dependency-upgrade-policy" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "synthetic", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, + "kibana--012933e759": { + "canonical_id": "kibana--012933e759", + "title": "Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)", + "summary": "

Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration

\n

Missing Authorization (CWE-862) in Kibana\u2019s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.

\n

Affected Versions:

\n\n

Affected Configurations:

\n\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.12, 9.2.6, 9.3.1.

\n

For Users that Cannot Upgrade:

\n

Update to the patched version as soon as possible. In the interim, restrict detection rule management privileges to users who are also authorized for endpoint response actions. Review existing rules for any unauthorized response action configurations that may have been added.

\n

Indicators of Compromise (IOC)

\n

Audit all detection rules for response_actions configurations containing .endpoint action types (isolate, kill-process, suspend-process) that may have been added by unauthorized users.

\n

Elastic Cloud Serverless

\n

Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.

\n

Severity: CVSSv3.1: Medium ( 6.5 ) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
\nCVE ID: CVE-2026-26939
\nProblem Type: CWE-862 - Missing Authorization
\nImpact: Accessing Functionality Not Properly Constrained by ACLs - CAPEC-1

\n

1 post - 1 participant

\n

Read full topic

", + "display_name": "Kibana", + "system_id": "kibana", + "category": "platforms", + "severity": "unknown", + "cvss_score": null, + "exploit_status": "unknown", + "published_at": "Thu, 19 Mar 2026 16:51:08 +0000", + "updated_at": "Thu, 19 Mar 2026 16:51:08 +0000", + "official_source_url": "https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530", + "secondary_source_urls": [], + "aliases": [], + "secure_code_topics": [ + "authz-server-side-recheck", + "xss-output-encoding", + "proxy-trust-boundary", + "dependency-upgrade-policy" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "synthetic", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, "haproxy--3164dd5e31": { "canonical_id": "haproxy--3164dd5e31", "title": "Don't panic: a low-risk strategy for Ingress NGINX retirement", 
@@ -2698,6 +2887,237 @@ "refs": [] } }, + "mattermost--CVE-2026-22545": { + "canonical_id": "mattermost--CVE-2026-22545", + "title": "Mattermost fails to validate user's authentication method when processing account auth type switch", + "summary": "Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID: MMSA-2026-00583", + "display_name": "Mattermost", + "system_id": "mattermost", + "category": "platforms", + "severity": "low", + "cvss_score": 3.1, + "exploit_status": "unknown", + "published_at": "2026-03-16T15:30:47Z", + "updated_at": "2026-03-19T19:31:20.982512Z", + "official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22545", + "secondary_source_urls": [ + "https://github.com/mattermost/mattermost/commit/ced9a56e3988fe9fd4559d45f9971dbd562e2218", + "https://github.com/mattermost/mattermost", + "https://mattermost.com/security-updates" + ], + "aliases": [ + "CVE-2026-22545", + "GHSA-rv67-7w2g-7976" + ], + "secure_code_topics": [ + "authz-server-side-recheck", + "xss-output-encoding", + "token-cookie-storage", + "dependency-upgrade-policy" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "synthetic", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, + "nextjs--CVE-2026-27979": { + "canonical_id": "nextjs--CVE-2026-27979", + "title": "Next.js: Unbounded postponed resume buffering can lead to DoS", + "summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. 
The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.", + "display_name": "Next.js", + "system_id": "nextjs", + "category": "frameworks", + "severity": "medium", + "cvss_score": 4.0, + "exploit_status": "unknown", + "published_at": "2026-03-17T16:16:49Z", + "updated_at": "2026-03-19T18:48:06.587119Z", + "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq", + "secondary_source_urls": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-27979", + "https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v16.1.7" + ], + "aliases": [ + "CVE-2026-27979", + "GHSA-h27x-g6w4-24gq" + ], + "secure_code_topics": [ + "authz-server-side-recheck", + "proxy-trust-boundary", + "token-cookie-storage" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "official-source", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, + "nextjs--CVE-2026-27980": { + "canonical_id": "nextjs--CVE-2026-27980", + "title": "Next.js: Unbounded next/image disk cache growth 
can exhaust storage", + "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. Note that this does not impact platforms that have their own image optimization capabilities, such as Vercel.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)", + "display_name": "Next.js", + "system_id": "nextjs", + "category": "frameworks", + "severity": "medium", + "cvss_score": 4.0, + "exploit_status": "unknown", + "published_at": "2026-03-17T16:17:06Z", + "updated_at": "2026-03-19T18:47:09.413134Z", + "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8", + "secondary_source_urls": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-27980", + "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v16.1.7" + ], + "aliases": [ + "CVE-2026-27980", + "GHSA-3x4c-7xq6-9pq8" + ], + "secure_code_topics": [ + "authz-server-side-recheck", + "proxy-trust-boundary", + "token-cookie-storage" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "official-source", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, + "nextjs--CVE-2026-27977": { + "canonical_id": "nextjs--CVE-2026-27977", + 
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks", + "summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.", + "display_name": "Next.js", + "system_id": "nextjs", + "category": "frameworks", + "severity": "medium", + "cvss_score": 4.0, + "exploit_status": "unknown", + "published_at": "2026-03-17T15:29:48Z", + "updated_at": "2026-03-19T18:32:38.608475Z", + "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36", + "secondary_source_urls": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-27977", + "https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v16.1.7" + ], + "aliases": [ + "CVE-2026-27977", + "GHSA-jcc7-9wpm-mj36" + ], + "secure_code_topics": [ + "authz-server-side-recheck", + "proxy-trust-boundary", + "token-cookie-storage" + ], + "verification_status": 
"triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "official-source", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, + "nextjs--CVE-2026-27978": { + "canonical_id": "nextjs--CVE-2026-27978", + "title": "Next.js: null origin can bypass Server Actions CSRF checks", + "summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.", + "display_name": "Next.js", + "system_id": "nextjs", + "category": "frameworks", + "severity": "medium", + "cvss_score": 4.0, + "exploit_status": "unknown", + "published_at": "2026-03-17T15:30:14Z", + "updated_at": "2026-03-19T18:31:23.523529Z", + "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx", + "secondary_source_urls": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-27978", + "https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v16.1.7" + ], + "aliases": [ + "CVE-2026-27978", + "GHSA-mq59-m269-xvcx" + ], + "secure_code_topics": [ + 
"authz-server-side-recheck", + "proxy-trust-boundary", + "token-cookie-storage" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "official-source", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, + "nextjs--CVE-2026-29057": { + "canonical_id": "nextjs--CVE-2026-29057", + "title": "Next.js: HTTP request smuggling in rewrites", + "summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. 
It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).", + "display_name": "Next.js", + "system_id": "nextjs", + "category": "frameworks", + "severity": "medium", + "cvss_score": 4.0, + "exploit_status": "unknown", + "published_at": "2026-03-17T16:17:15Z", + "updated_at": "2026-03-19T17:59:01.302251Z", + "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8", + "secondary_source_urls": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-29057", + "https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.13", + "https://github.com/vercel/next.js/releases/tag/v16.1.7" + ], + "aliases": [ + "CVE-2026-29057", + "GHSA-ggv3-7p47-pfv8" + ], + "secure_code_topics": [ + "authz-server-side-recheck", + "proxy-trust-boundary", + "token-cookie-storage", + "request-smuggling-boundary", + "dependency-upgrade-policy" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "official-source", + "blocked_reason": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + } + }, "undici--CVE-2026-2581": { "canonical_id": "undici--CVE-2026-2581", "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS", 
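Review bot: The `secure_code_topics` on several added entries do not describe the advisory they are attached to. `nextjs--CVE-2026-27979` (unbounded resume-body buffering) and `nextjs--CVE-2026-27980` (unbounded `/_next/image` disk cache) are resource-exhaustion issues, yet both carry `authz-server-side-recheck`, `proxy-trust-boundary` and `token-cookie-storage`. `mattermost--CVE-2026-22545` carries `xss-output-encoding` for an authentication-method validation flaw. All five Next.js entries share the same three leading tags, and only `nextjs--CVE-2026-29057` adds one that matches its summary (`request-smuggling-boundary`), so the tags look like per-system defaults rather than a per-advisory classification; anyone filtering the registry by topic would be routed to the wrong guidance. I would keep only tags the summary supports, for example `"secure_code_topics": ["authz-server-side-recheck"]` on the Mattermost entry, and if this file is generated, make that change in the tagging step rather than by hand.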
@@ -2929,47 +3349,6 @@ "refs": [] } }, - "nextjs--CVE-2026-29057": { - "canonical_id": "nextjs--CVE-2026-29057", - "title": "Next.js: HTTP request smuggling in rewrites", - "summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "medium", - "cvss_score": 4.0, - "exploit_status": "unknown", - "published_at": "2026-03-17T16:17:15Z", - "updated_at": "2026-03-18T22:02:16.858114Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-29057", - "https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v15.5.13", - 
"https://github.com/vercel/next.js/releases/tag/v16.1.7" - ], - "aliases": [ - "CVE-2026-29057", - "GHSA-ggv3-7p47-pfv8" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage", - "request-smuggling-boundary", - "dependency-upgrade-policy" - ], - "verification_status": "triage-manual", - "verification_mode": "synthetic", - "artifact_mode": "official-source", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, "traefik--CVE-2026-29777": { "canonical_id": "traefik--CVE-2026-29777", "title": "Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values", 
@@ -4720,154 +5099,6 @@ "refs": [] } }, - "nextjs--CVE-2026-27979": { - "canonical_id": "nextjs--CVE-2026-27979", - "title": "Next.js: Unbounded postponed resume buffering can lead to DoS", - "summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded. 
\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "medium", - "cvss_score": 4.0, - "exploit_status": "unknown", - "published_at": "2026-03-17T16:16:49Z", - "updated_at": "2026-03-17T16:31:34.160932Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq", - "secondary_source_urls": [ - "https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v16.1.7" - ], - "aliases": [ - "CVE-2026-27979", - "GHSA-h27x-g6w4-24gq" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "triage-manual", - "verification_mode": "synthetic", - "artifact_mode": "official-source", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "nextjs--CVE-2026-27980": { - "canonical_id": "nextjs--CVE-2026-27980", - "title": "Next.js: Unbounded next/image disk cache growth can exhaust storage", - "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. 
\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "medium", - "cvss_score": 4.0, - "exploit_status": "unknown", - "published_at": "2026-03-17T16:17:06Z", - "updated_at": "2026-03-17T16:31:33.597080Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8", - "secondary_source_urls": [ - "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v16.1.7" - ], - "aliases": [ - "CVE-2026-27980", - "GHSA-3x4c-7xq6-9pq8" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "triage-manual", - "verification_mode": "synthetic", - "artifact_mode": "official-source", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "nextjs--CVE-2026-27978": { - "canonical_id": "nextjs--CVE-2026-27978", - "title": "Next.js: null origin can bypass Server Actions CSRF checks", - "summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. 
As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "medium", - "cvss_score": 4.0, - "exploit_status": "unknown", - "published_at": "2026-03-17T15:30:14Z", - "updated_at": "2026-03-17T15:46:43.484729Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx", - "secondary_source_urls": [ - "https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v16.1.7" - ], - "aliases": [ - "CVE-2026-27978", - "GHSA-mq59-m269-xvcx" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "triage-manual", - "verification_mode": "synthetic", - "artifact_mode": "official-source", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "nextjs--CVE-2026-27977": { - "canonical_id": "nextjs--CVE-2026-27977", - "title": "Next.js: null origin can bypass dev HMR websocket CSRF checks", - "summary": "## Summary\nIn `next dev`, cross-site 
protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "medium", - "cvss_score": 4.0, - "exploit_status": "unknown", - "published_at": "2026-03-17T15:29:48Z", - "updated_at": "2026-03-17T15:46:26.028580Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36", - "secondary_source_urls": [ - "https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v16.1.7" - ], - "aliases": [ - "CVE-2026-27977", - "GHSA-jcc7-9wpm-mj36" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "triage-manual", - "verification_mode": "synthetic", - "artifact_mode": "official-source", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - 
"refs": [] - } - }, "angular--CVE-2026-32635": { "canonical_id": "angular--CVE-2026-32635", "title": "Angular vulnerable to XSS in i18n attribute bindings", diff --git a/08-threat-intel/generated/dashboard/architecture.json b/08-threat-intel/generated/dashboard/architecture.json index 6d8e5dee..5ec86983 100644 --- a/08-threat-intel/generated/dashboard/architecture.json +++ b/08-threat-intel/generated/dashboard/architecture.json @@ -1,5 +1,5 @@ { - "generated_at": "2026-03-19T09:30:58+00:00", + "generated_at": "2026-03-19T23:44:56+00:00", "title": "\u5f53\u524d\u67b6\u6784\u5e93", "summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002", "sections": [ @@ -31,7 +31,7 @@ }, { "label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee", - "value": "2392" + "value": "2399" } ], "fields": [ @@ -49,7 +49,7 @@ }, { "label": "\u751f\u6210\u65f6\u95f4", - "value": "2026-03-19T09:30:58+00:00" + "value": "2026-03-19T23:44:56+00:00" } ], "links": [ @@ -5887,7 +5887,7 @@ }, { "label": "Advisory \u6570", - "value": "2392" + "value": "2399" }, { "label": "\u72b6\u6001\u7c7b\u578b", @@ -5906,7 +5906,7 @@ "items": [ { "title": "\u4eba\u5de5\u5206\u8bca", - "summary": "\u5f53\u524d\u7d2f\u8ba1 2303 \u6761\u3002", + "summary": "\u5f53\u524d\u7d2f\u8ba1 2310 \u6761\u3002", "open": false, "fields": [ { @@ -5915,7 +5915,7 @@ }, { "label": "\u6570\u91cf", - "value": "2303" + "value": "2310" } ] }, diff --git a/08-threat-intel/generated/dashboard/data/completeness.json b/08-threat-intel/generated/dashboard/data/completeness.json index 0201b71b..5597b638 100644 --- a/08-threat-intel/generated/dashboard/data/completeness.json +++ b/08-threat-intel/generated/dashboard/data/completeness.json 
@@ -1,7 +1,7 @@ { - "generated_at": "2026-03-19T09:30:58+00:00", + "generated_at": "2026-03-19T23:44:56+00:00", "advisory_total": 89, - "registry_advisory_total": 2392, + "registry_advisory_total": 2399, "scope": "latest-run-backed-advisories", "latest_statuses": { "verified-real": 89 @@ -172,31 +172,35 @@ "failures": [] }, "source_health": { - "active_source_count": 110, - "green_source_count": 110, + "active_source_count": 101, + "green_source_count": 101, "failure_count": 0, - "last_fully_green_run": "2026-03-19T09:30:54+00:00", + "last_fully_green_run": "2026-03-19T23:44:51+00:00", "open_alert_count": 0, "resolved_alert_count": 4 }, "monitor_summary": { - "generated_at": "2026-03-19T09:30:54+00:00", - "active_source_count": 110, - "green_source_count": 110, + "generated_at": "2026-03-19T23:44:51+00:00", + "active_source_count": 101, + "green_source_count": 101, "source_failure_count": 0, "open_alert_count": 0, "resolved_alert_count": 4, - "last_fully_green_run": "2026-03-19T09:30:54+00:00", + "last_fully_green_run": "2026-03-19T23:44:51+00:00", "source_catalog": { "system_count": 62, "source_count": 179, - "retired_source_count": 69 + "retired_source_count": 78 }, "ingest": { - "new_count": 0, - "updated_count": 0, + "new_count": 7, + "updated_count": 5, "failure_count": 0, - "systems_touched": [] + "systems_touched": [ + "kibana", + "mattermost", + "nextjs" + ] }, "validation": { "passed": true, diff --git a/08-threat-intel/generated/dashboard/data/monitor-summary.json b/08-threat-intel/generated/dashboard/data/monitor-summary.json index 9391444d..d5acf3c4 100644 --- a/08-threat-intel/generated/dashboard/data/monitor-summary.json +++ b/08-threat-intel/generated/dashboard/data/monitor-summary.json 
@@ -1,21 +1,25 @@ { - "generated_at": "2026-03-19T09:30:54+00:00", - "active_source_count": 110, - "green_source_count": 110, + "generated_at": "2026-03-19T23:44:51+00:00", + "active_source_count": 101, + "green_source_count": 101, "source_failure_count": 0, "open_alert_count": 0, "resolved_alert_count": 4, - "last_fully_green_run": "2026-03-19T09:30:54+00:00", + "last_fully_green_run": "2026-03-19T23:44:51+00:00", "source_catalog": { "system_count": 62, "source_count": 179, - "retired_source_count": 69 + "retired_source_count": 78 }, "ingest": { - "new_count": 0, - "updated_count": 0, + "new_count": 7, + "updated_count": 5, "failure_count": 0, - "systems_touched": [] + "systems_touched": [ + "kibana", + "mattermost", + "nextjs" + ] }, "validation": { "passed": true, diff --git a/08-threat-intel/generated/dashboard/data/source-catalog-audit.json b/08-threat-intel/generated/dashboard/data/source-catalog-audit.json index 109ba677..0bf4178e 100644 --- a/08-threat-intel/generated/dashboard/data/source-catalog-audit.json +++ b/08-threat-intel/generated/dashboard/data/source-catalog-audit.json @@ -1,9 +1,9 @@ { - "generated_at": "2026-03-19T09:30:54+00:00", + "generated_at": "2026-03-19T23:44:51+00:00", "system_count": 62, "source_count": 179, - "active_source_count": 110, - "retired_source_count": 69, + "active_source_count": 101, + "retired_source_count": 78, "systems_with_active_official": 61, "systems_with_machine_readable_source": 61, "systems": [ @@ -118,9 +118,9 @@ "category": "servers", "tier": "rolling-24m", "source_total": 2, - "active_source_total": 2, - "retired_source_total": 0, - "official_active": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, "ecosystem_active": 0, "research_active": 0, "machine_readable_active": 1, 
@@ -298,9 +298,9 @@ "category": "platforms", "tier": "rolling-24m", "source_total": 2, - "active_source_total": 2, - "retired_source_total": 0, - "official_active": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, "ecosystem_active": 0, "research_active": 0, "machine_readable_active": 1, @@ -493,9 +493,9 @@ "category": "ecommerce", "tier": "rolling-24m", "source_total": 2, - "active_source_total": 2, - "retired_source_total": 0, - "official_active": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, "ecosystem_active": 0, "research_active": 0, "machine_readable_active": 1, @@ -538,9 +538,9 @@ "category": "frameworks", "tier": "history-full", "source_total": 3, - "active_source_total": 2, - "retired_source_total": 1, - "official_active": 2, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, "ecosystem_active": 0, "research_active": 0, "machine_readable_active": 1, @@ -583,9 +583,9 @@ "category": "frameworks", "tier": "history-full", "source_total": 3, - "active_source_total": 2, - "retired_source_total": 1, - "official_active": 2, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, "ecosystem_active": 0, "research_active": 0, "machine_readable_active": 1, @@ -673,9 +673,9 @@ "category": "frameworks", "tier": "history-full", "source_total": 3, - "active_source_total": 2, - "retired_source_total": 1, - "official_active": 2, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, "ecosystem_active": 0, "research_active": 0, "machine_readable_active": 1, @@ -823,9 +823,9 @@ "category": "servers", "tier": "rolling-24m", "source_total": 2, - "active_source_total": 2, - "retired_source_total": 0, - "official_active": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, "ecosystem_active": 0, "research_active": 0, "machine_readable_active": 1, 
@@ -853,9 +853,9 @@ "category": "frameworks", "tier": "history-full", "source_total": 3, - "active_source_total": 2, - "retired_source_total": 1, - "official_active": 2, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, "ecosystem_active": 0, "research_active": 0, "machine_readable_active": 1, @@ -868,9 +868,9 @@ "category": "frameworks", "tier": "history-full", "source_total": 3, - "active_source_total": 2, - "retired_source_total": 1, - "official_active": 2, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, "ecosystem_active": 0, "research_active": 0, "machine_readable_active": 1, @@ -1065,6 +1065,18 @@ ], "url": "" }, + { + "system_id": "caddy", + "display_name": "Caddy", + "source_name": "GitHub Caddy Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Caddy" + ], + "url": "https://github.com/caddyserver/caddy/security/advisories" + }, { "system_id": "discourse", "display_name": "Discourse", @@ -1202,6 +1214,18 @@ ], "url": "" }, + { + "system_id": "gitea", + "display_name": "Gitea", + "source_name": "GitHub Gitea Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Gitea" + ], + "url": "https://github.com/go-gitea/gitea/security/advisories" + }, { "system_id": "gitlab-ce", "display_name": "GitLab CE", 
@@ -1414,6 +1438,18 @@ ], "url": "" }, + { + "system_id": "medusa", + "display_name": "Medusa", + "source_name": "GitHub Medusa Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Medusa" + ], + "url": "https://github.com/medusajs/medusa/security/advisories" + }, { "system_id": "moodle", "display_name": "Moodle", @@ -1475,6 +1511,18 @@ ], "url": "" }, + { + "system_id": "nextjs", + "display_name": "Next.js", + "source_name": "GitHub Next.js Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Next.js" + ], + "url": "https://github.com/vercel/next.js/security/advisories" + }, { "system_id": "nginx", "display_name": "Nginx", @@ -1501,6 +1549,18 @@ ], "url": "" }, + { + "system_id": "nuxt", + "display_name": "Nuxt", + "source_name": "Nuxt Security", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Nuxt" + ], + "url": "https://github.com/nuxt/nuxt/security/advisories" + }, { "system_id": "opencart", "display_name": "OpenCart", 
@@ -1591,6 +1651,18 @@ ], "url": "" }, + { + "system_id": "react", + "display_name": "React", + "source_name": "GitHub React Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV React" + ], + "url": "https://github.com/facebook/react/security/advisories" + }, { "system_id": "redmine", "display_name": "Redmine", @@ -1692,6 +1764,18 @@ ], "url": "" }, + { + "system_id": "traefik", + "display_name": "Traefik", + "source_name": "GitHub Traefik Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Traefik" + ], + "url": "https://github.com/traefik/traefik/security/advisories" + }, { "system_id": "undici", "display_name": "Undici", @@ -1729,6 +1813,18 @@ ], "url": "" }, + { + "system_id": "vite", + "display_name": "Vite", + "source_name": "Vite Security", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Vite" + ], + "url": "https://github.com/vitejs/vite/security/advisories" + }, { "system_id": "vue", "display_name": "Vue", 
@@ -1742,6 +1838,18 @@ ], "url": "" }, + { + "system_id": "vue", + "display_name": "Vue", + "source_name": "Vue Security", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Vue" + ], + "url": "https://github.com/vuejs/core/security" + }, { "system_id": "webpack", "display_name": "webpack", @@ -1884,6 +1992,13 @@ "OSV Astro" ] }, + { + "system_id": "caddy", + "retired_source": "GitHub Caddy Advisories", + "replacement_sources": [ + "OSV Caddy" + ] + }, { "system_id": "discourse", "retired_source": "Discourse Meta Security", @@ -1966,6 +2081,13 @@ "OSV Ghost" ] }, + { + "system_id": "gitea", + "retired_source": "GitHub Gitea Advisories", + "replacement_sources": [ + "OSV Gitea" + ] + }, { "system_id": "gitlab-ce", "retired_source": "GitLab Security Releases", @@ -2093,6 +2215,13 @@ "OSV MediaWiki" ] }, + { + "system_id": "medusa", + "retired_source": "GitHub Medusa Advisories", + "replacement_sources": [ + "OSV Medusa" + ] + }, { "system_id": "moodle", "retired_source": "Moodle Security News", @@ -2129,6 +2258,13 @@ "OSV Next.js" ] }, + { + "system_id": "nextjs", + "retired_source": "GitHub Next.js Advisories", + "replacement_sources": [ + "OSV Next.js" + ] + }, { "system_id": "nginx", "retired_source": "NVD NGINX", @@ -2145,6 +2281,13 @@ "OSV Nuxt" ] }, + { + "system_id": "nuxt", + "retired_source": "Nuxt Security", + "replacement_sources": [ + "OSV Nuxt" + ] + }, { "system_id": "opencart", "retired_source": "NVD OpenCart", @@ -2200,6 +2343,13 @@ "OSV React" ] }, + { + "system_id": "react", + "retired_source": "GitHub React Advisories", + "replacement_sources": [ + "OSV React" + ] + }, { "system_id": "redmine", "retired_source": "NVD Redmine", 
@@ -2261,6 +2411,13 @@ "OSV Symfony" ] }, + { + "system_id": "traefik", + "retired_source": "GitHub Traefik Advisories", + "replacement_sources": [ + "OSV Traefik" + ] + }, { "system_id": "undici", "retired_source": "GitHub Global Advisories", @@ -2283,6 +2440,13 @@ "OSV Vite" ] }, + { + "system_id": "vite", + "retired_source": "Vite Security", + "replacement_sources": [ + "OSV Vite" + ] + }, { "system_id": "vue", "retired_source": "GitHub Global Advisories", @@ -2291,6 +2455,13 @@ "OSV Vue" ] }, + { + "system_id": "vue", + "retired_source": "Vue Security", + "replacement_sources": [ + "OSV Vue" + ] + }, { "system_id": "webpack", "retired_source": "GitHub Global Advisories", diff --git a/08-threat-intel/generated/dashboard/data/source-health.json b/08-threat-intel/generated/dashboard/data/source-health.json index 19c3a40b..23f9f341 100644 --- a/08-threat-intel/generated/dashboard/data/source-health.json +++ b/08-threat-intel/generated/dashboard/data/source-health.json @@ -1,17 +1,17 @@ { - "generated_at": "2026-03-19T09:30:54+00:00", - "active_source_count": 110, - "green_source_count": 110, + "generated_at": "2026-03-19T23:44:51+00:00", + "active_source_count": 101, + "green_source_count": 101, "failure_count": 0, "all_green": true, - "last_fully_green_run": "2026-03-19T09:30:54+00:00", + "last_fully_green_run": "2026-03-19T23:44:51+00:00", "retries_performed": 0, "probes": [ { "system_id": "adminer", "source_name": "OSV Adminer", "source_kind": "osv-batch", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.096, "kind": "osv-batch", "items_seen": 1 }, @@ -19,7 +19,7 @@ "system_id": "adobe-commerce", "source_name": "Adobe Magento Security Index", "source_kind": "vendor-index", - "elapsed_seconds": 0.052, + "elapsed_seconds": 0.032, "kind": "vendor-index", "items_seen": 46 }, 
@@ -27,7 +27,7 @@ "system_id": "angular", "source_name": "OSV Angular", "source_kind": "osv-batch", - "elapsed_seconds": 0.018, + "elapsed_seconds": 0.013, "kind": "osv-batch", "items_seen": 1 }, @@ -35,7 +35,7 @@ "system_id": "apache-httpd", "source_name": "Apache HTTPD Security", "source_kind": "html-links", - "elapsed_seconds": 0.039, + "elapsed_seconds": 0.024, "kind": "html-links", "items_seen": 182 }, @@ -43,15 +43,15 @@ "system_id": "apache-httpd", "source_name": "CISA KEV Apache HTTPD", "source_kind": "kev-json", - "elapsed_seconds": 0.047, + "elapsed_seconds": 0.074, "kind": "kev-json", - "items_seen": 1545 + "items_seen": 1546 }, { "system_id": "apache-tomcat", "source_name": "Apache Tomcat Security", "source_kind": "html-links", - "elapsed_seconds": 0.047, + "elapsed_seconds": 0.064, "kind": "html-links", "items_seen": 270 }, @@ -59,15 +59,15 @@ "system_id": "apache-tomcat", "source_name": "CISA KEV Tomcat", "source_kind": "kev-json", - "elapsed_seconds": 0.039, + "elapsed_seconds": 0.064, "kind": "kev-json", - "items_seen": 1545 + "items_seen": 1546 }, { "system_id": "aspnet-core", "source_name": "OSV ASP.NET Core", "source_kind": "osv-batch", - "elapsed_seconds": 0.047, + "elapsed_seconds": 0.006, "kind": "osv-batch", "items_seen": 1 }, @@ -75,23 +75,15 @@ "system_id": "astro", "source_name": "OSV Astro", "source_kind": "osv-batch", - "elapsed_seconds": 0.017, + "elapsed_seconds": 0.013, "kind": "osv-batch", "items_seen": 1 }, - { - "system_id": "caddy", - "source_name": "GitHub Caddy Advisories", - "source_kind": "html-links", - "elapsed_seconds": 0.049, - "kind": "html-links", - "items_seen": 114 - }, { "system_id": "caddy", "source_name": "OSV Caddy", "source_kind": "osv-batch", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.064, "kind": "osv-batch", "items_seen": 1 }, 
@@ -99,7 +91,7 @@ "system_id": "directus", "source_name": "Directus GitHub Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.057, + "elapsed_seconds": 0.037, "kind": "html-links", "items_seen": 127 }, @@ -107,7 +99,7 @@ "system_id": "directus", "source_name": "OSV Directus", "source_kind": "osv-batch", - "elapsed_seconds": 0.055, + "elapsed_seconds": 0.032, "kind": "osv-batch", "items_seen": 1 }, @@ -115,7 +107,7 @@ "system_id": "discourse", "source_name": "Discourse Release Notes RSS", "source_kind": "rss-feed", - "elapsed_seconds": 0.055, + "elapsed_seconds": 0.032, "kind": "rss-feed", "items_seen": 30 }, @@ -123,7 +115,7 @@ "system_id": "discourse", "source_name": "Discourse Security RSS", "source_kind": "rss-feed", - "elapsed_seconds": 0.052, + "elapsed_seconds": 0.032, "kind": "rss-feed", "items_seen": 3 }, @@ -131,7 +123,7 @@ "system_id": "discourse", "source_name": "OSV Discourse", "source_kind": "osv-batch", - "elapsed_seconds": 0.052, + "elapsed_seconds": 0.032, "kind": "osv-batch", "items_seen": 1 }, @@ -139,7 +131,7 @@ "system_id": "django", "source_name": "Django Security Releases Archive", "source_kind": "vendor-index", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.068, "kind": "vendor-index", "items_seen": 1276 }, @@ -147,7 +139,7 @@ "system_id": "django", "source_name": "Django Security Weblog", "source_kind": "vendor-index", - "elapsed_seconds": 0.039, + "elapsed_seconds": 0.043, "kind": "vendor-index", "items_seen": 332 }, @@ -155,7 +147,7 @@ "system_id": "django", "source_name": "OSV Django", "source_kind": "osv-batch", - "elapsed_seconds": 0.047, + "elapsed_seconds": 0.064, "kind": "osv-batch", "items_seen": 1 }, @@ -163,7 +155,7 @@ "system_id": "drupal", "source_name": "Drupal Security Advisories RSS", "source_kind": "rss-feed", - "elapsed_seconds": 0.06, + "elapsed_seconds": 0.038, "kind": "rss-feed", "items_seen": 20 }, 
@@ -171,7 +163,7 @@ "system_id": "drupal", "source_name": "OSV Drupal", "source_kind": "osv-batch", - "elapsed_seconds": 0.06, + "elapsed_seconds": 0.038, "kind": "osv-batch", "items_seen": 1 }, @@ -179,7 +171,7 @@ "system_id": "echo", "source_name": "OSV Echo", "source_kind": "osv-batch", - "elapsed_seconds": 0.064, + "elapsed_seconds": 0.039, "kind": "osv-batch", "items_seen": 1 }, @@ -187,7 +179,7 @@ "system_id": "esbuild", "source_name": "OSV esbuild", "source_kind": "osv-batch", - "elapsed_seconds": 0.017, + "elapsed_seconds": 0.044, "kind": "osv-batch", "items_seen": 1 }, @@ -195,7 +187,7 @@ "system_id": "express", "source_name": "OSV Express", "source_kind": "osv-batch", - "elapsed_seconds": 0.017, + "elapsed_seconds": 0.013, "kind": "osv-batch", "items_seen": 1 }, @@ -203,7 +195,7 @@ "system_id": "fastify", "source_name": "OSV Fastify", "source_kind": "osv-batch", - "elapsed_seconds": 0.018, + "elapsed_seconds": 0.005, "kind": "osv-batch", "items_seen": 1 }, @@ -211,7 +203,7 @@ "system_id": "flask", "source_name": "OSV Flask", "source_kind": "osv-batch", - "elapsed_seconds": 0.039, + "elapsed_seconds": 0.017, "kind": "osv-batch", "items_seen": 1 }, @@ -219,7 +211,7 @@ "system_id": "ghost", "source_name": "Ghost GitHub Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.058, + "elapsed_seconds": 0.038, "kind": "html-links", "items_seen": 119 }, @@ -227,7 +219,7 @@ "system_id": "ghost", "source_name": "OSV Ghost", "source_kind": "osv-batch", - "elapsed_seconds": 0.058, + "elapsed_seconds": 0.038, "kind": "osv-batch", "items_seen": 1 }, 
@@ -235,23 +227,15 @@ "system_id": "gin", "source_name": "OSV Gin", "source_kind": "osv-batch", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.024, "kind": "osv-batch", "items_seen": 1 }, - { - "system_id": "gitea", - "source_name": "GitHub Gitea Advisories", - "source_kind": "html-links", - "elapsed_seconds": 0.123, - "kind": "html-links", - "items_seen": 98 - }, { "system_id": "gitea", "source_name": "OSV Gitea", "source_kind": "osv-batch", - "elapsed_seconds": 0.064, + "elapsed_seconds": 0.074, "kind": "osv-batch", "items_seen": 1 }, @@ -259,7 +243,7 @@ "system_id": "gitlab-ce", "source_name": "GitLab Advisory Database", "source_kind": "html-links", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.096, "kind": "html-links", "items_seen": 5 }, @@ -267,7 +251,7 @@ "system_id": "gitlab-ce", "source_name": "GitLab Security Releases Atom", "source_kind": "atom-feed", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.097, "kind": "atom-feed", "items_seen": 186 }, @@ -275,15 +259,15 @@ "system_id": "grafana", "source_name": "CISA KEV Grafana", "source_kind": "kev-json", - "elapsed_seconds": 0.064, + "elapsed_seconds": 0.039, "kind": "kev-json", - "items_seen": 1545 + "items_seen": 1546 }, { "system_id": "grafana", "source_name": "Grafana Security Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.064, + "elapsed_seconds": 0.065, "kind": "html-links", "items_seen": 159 }, @@ -291,7 +275,7 @@ "system_id": "hapi", "source_name": "OSV Hapi", "source_kind": "osv-batch", - "elapsed_seconds": 0.017, + "elapsed_seconds": 0.009, "kind": "osv-batch", "items_seen": 1 }, @@ -299,7 +283,7 @@ "system_id": "haproxy", "source_name": "HAProxy Blog Feed", "source_kind": "rss-feed", - "elapsed_seconds": 0.124, + "elapsed_seconds": 0.064, "kind": "rss-feed", "items_seen": 10 }, 
@@ -307,7 +291,7 @@ "system_id": "jenkins", "source_name": "Jenkins Security Advisories RSS", "source_kind": "rss-feed", - "elapsed_seconds": 0.126, + "elapsed_seconds": 0.074, "kind": "rss-feed", "items_seen": 96 }, @@ -315,7 +299,7 @@ "system_id": "joomla", "source_name": "Joomla Security Centre", "source_kind": "html-links", - "elapsed_seconds": 0.06, + "elapsed_seconds": 0.038, "kind": "html-links", "items_seen": 139 }, @@ -323,7 +307,7 @@ "system_id": "joomla", "source_name": "OSV Joomla", "source_kind": "osv-batch", - "elapsed_seconds": 0.06, + "elapsed_seconds": 0.038, "kind": "osv-batch", "items_seen": 1 }, @@ -331,7 +315,7 @@ "system_id": "kibana", "source_name": "Elastic Security Announcements RSS", "source_kind": "rss-feed", - "elapsed_seconds": 0.064, + "elapsed_seconds": 0.074, "kind": "rss-feed", "items_seen": 25 }, @@ -339,7 +323,7 @@ "system_id": "koa", "source_name": "OSV Koa", "source_kind": "osv-batch", - "elapsed_seconds": 0.019, + "elapsed_seconds": 0.009, "kind": "osv-batch", "items_seen": 1 }, @@ -347,7 +331,7 @@ "system_id": "laravel", "source_name": "OSV Laravel", "source_kind": "osv-batch", - "elapsed_seconds": 0.047, + "elapsed_seconds": 0.008, "kind": "osv-batch", "items_seen": 1 }, @@ -355,7 +339,7 @@ "system_id": "magento-open-source", "source_name": "Magento GitHub Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.052, + "elapsed_seconds": 0.032, "kind": "html-links", "items_seen": 99 }, @@ -363,7 +347,7 @@ "system_id": "magento-open-source", "source_name": "OSV Magento Open Source", "source_kind": "osv-batch", - "elapsed_seconds": 0.052, + "elapsed_seconds": 0.032, "kind": "osv-batch", "items_seen": 1 }, @@ -371,7 +355,7 @@ "system_id": "magento-open-source", "source_name": "Sansec Research", "source_kind": "html-links", - "elapsed_seconds": 0.052, + "elapsed_seconds": 0.032, "kind": "html-links", "items_seen": 134 }, 
@@ -379,7 +363,7 @@ "system_id": "mattermost", "source_name": "Mattermost Security Updates JSON", "source_kind": "json-feed", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.074, "kind": "json-feed", "items_seen": 594 }, @@ -387,7 +371,7 @@ "system_id": "mattermost", "source_name": "OSV Mattermost", "source_kind": "osv-batch", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.096, "kind": "osv-batch", "items_seen": 1 }, @@ -395,7 +379,7 @@ "system_id": "mediawiki", "source_name": "MediaWiki Announce RSS", "source_kind": "rss-feed", - "elapsed_seconds": 0.055, + "elapsed_seconds": 0.032, "kind": "rss-feed", "items_seen": 30 }, @@ -403,23 +387,15 @@ "system_id": "mediawiki", "source_name": "OSV MediaWiki", "source_kind": "osv-batch", - "elapsed_seconds": 0.055, + "elapsed_seconds": 0.032, "kind": "osv-batch", "items_seen": 1 }, - { - "system_id": "medusa", - "source_name": "GitHub Medusa Advisories", - "source_kind": "html-links", - "elapsed_seconds": 0.032, - "kind": "html-links", - "items_seen": 102 - }, { "system_id": "medusa", "source_name": "OSV Medusa", "source_kind": "osv-batch", - "elapsed_seconds": 0.032, + "elapsed_seconds": 0.015, "kind": "osv-batch", "items_seen": 1 }, @@ -427,7 +403,7 @@ "system_id": "moodle", "source_name": "OSV Moodle", "source_kind": "osv-batch", - "elapsed_seconds": 0.055, + "elapsed_seconds": 0.032, "kind": "osv-batch", "items_seen": 1 }, @@ -435,23 +411,15 @@ "system_id": "nestjs", "source_name": "OSV NestJS", "source_kind": "osv-batch", - "elapsed_seconds": 0.018, + "elapsed_seconds": 0.005, "kind": "osv-batch", "items_seen": 1 }, - { - "system_id": "nextjs", - "source_name": "GitHub Next.js Advisories", - "source_kind": "html-links", - "elapsed_seconds": 0.03, - "kind": "html-links", - "items_seen": 123 - }, { "system_id": "nextjs", "source_name": "OSV Next.js", "source_kind": "osv-batch", - "elapsed_seconds": 0.03, + "elapsed_seconds": 0.015, "kind": "osv-batch", "items_seen": 1 }, 
@@ -459,15 +427,15 @@ "system_id": "nginx", "source_name": "CISA KEV NGINX", "source_kind": "kev-json", - "elapsed_seconds": 0.039, + "elapsed_seconds": 0.064, "kind": "kev-json", - "items_seen": 1545 + "items_seen": 1546 }, { "system_id": "nginx", "source_name": "NGINX Security Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.064, + "elapsed_seconds": 0.023, "kind": "html-links", "items_seen": 138 }, @@ -475,31 +443,23 @@ "system_id": "nodejs", "source_name": "CISA KEV Node.js", "source_kind": "kev-json", - "elapsed_seconds": 0.017, + "elapsed_seconds": 0.028, "kind": "kev-json", - "items_seen": 1545 + "items_seen": 1546 }, { "system_id": "nodejs", "source_name": "Node.js Security Releases", "source_kind": "html-links", - "elapsed_seconds": 0.056, + "elapsed_seconds": 0.005, "kind": "html-links", "items_seen": 74 }, - { - "system_id": "nuxt", - "source_name": "Nuxt Security", - "source_kind": "html-links", - "elapsed_seconds": 0.03, - "kind": "html-links", - "items_seen": 118 - }, { "system_id": "nuxt", "source_name": "OSV Nuxt", "source_kind": "osv-batch", - "elapsed_seconds": 0.018, + "elapsed_seconds": 0.013, "kind": "osv-batch", "items_seen": 1 }, @@ -507,7 +467,7 @@ "system_id": "opencart", "source_name": "OSV OpenCart", "source_kind": "osv-batch", - "elapsed_seconds": 0.035, + "elapsed_seconds": 0.015, "kind": "osv-batch", "items_seen": 1 }, @@ -515,7 +475,7 @@ "system_id": "opencart", "source_name": "OpenCart Releases", "source_kind": "html-links", - "elapsed_seconds": 0.035, + "elapsed_seconds": 0.015, "kind": "html-links", "items_seen": 1500 }, @@ -523,7 +483,7 @@ "system_id": "openmage", "source_name": "OSV OpenMage", "source_kind": "osv-batch", - "elapsed_seconds": 0.051, + "elapsed_seconds": 0.031, "kind": "osv-batch", "items_seen": 1 }, 
@@ -531,7 +491,7 @@ "system_id": "openmage", "source_name": "OpenMage GitHub Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.051, + "elapsed_seconds": 0.032, "kind": "html-links", "items_seen": 125 }, @@ -539,7 +499,7 @@ "system_id": "phpmyadmin", "source_name": "OSV phpMyAdmin", "source_kind": "osv-batch", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.064, "kind": "osv-batch", "items_seen": 1 }, @@ -547,7 +507,7 @@ "system_id": "phpmyadmin", "source_name": "phpMyAdmin Security Page", "source_kind": "html-links", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.064, "kind": "html-links", "items_seen": 262 }, @@ -555,7 +515,7 @@ "system_id": "prestashop", "source_name": "Friends Of Presta Security", "source_kind": "html-links", - "elapsed_seconds": 0.035, + "elapsed_seconds": 0.019, "kind": "html-links", "items_seen": 38 }, @@ -563,7 +523,7 @@ "system_id": "prestashop", "source_name": "GitHub PrestaShop Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.035, + "elapsed_seconds": 0.019, "kind": "html-links", "items_seen": 127 }, @@ -571,7 +531,7 @@ "system_id": "prestashop", "source_name": "OSV PrestaShop", "source_kind": "osv-batch", - "elapsed_seconds": 0.035, + "elapsed_seconds": 0.019, "kind": "osv-batch", "items_seen": 1 }, @@ -579,7 +539,7 @@ "system_id": "prestashop", "source_name": "PrestaShop Security Page", "source_kind": "html-links", - "elapsed_seconds": 0.042, + "elapsed_seconds": 0.019, "kind": "html-links", "items_seen": 60 }, 
@@ -587,23 +547,15 @@ "system_id": "rails", "source_name": "OSV Rails", "source_kind": "osv-batch", - "elapsed_seconds": 0.064, + "elapsed_seconds": 0.039, "kind": "osv-batch", "items_seen": 1 }, - { - "system_id": "react", - "source_name": "GitHub React Advisories", - "source_kind": "html-links", - "elapsed_seconds": 0.032, - "kind": "html-links", - "items_seen": 110 - }, { "system_id": "react", "source_name": "OSV React", "source_kind": "osv-batch", - "elapsed_seconds": 0.03, + "elapsed_seconds": 0.015, "kind": "osv-batch", "items_seen": 1 }, @@ -611,7 +563,7 @@ "system_id": "redmine", "source_name": "OSV Redmine", "source_kind": "osv-batch", - "elapsed_seconds": 0.124, + "elapsed_seconds": 0.074, "kind": "osv-batch", "items_seen": 1 }, @@ -619,7 +571,7 @@ "system_id": "redmine", "source_name": "Redmine Security Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.124, + "elapsed_seconds": 0.074, "kind": "html-links", "items_seen": 371 }, @@ -627,7 +579,7 @@ "system_id": "saleor", "source_name": "GitHub Saleor Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.035, + "elapsed_seconds": 0.015, "kind": "html-links", "items_seen": 120 }, @@ -635,7 +587,7 @@ "system_id": "saleor", "source_name": "OSV Saleor", "source_kind": "osv-batch", - "elapsed_seconds": 0.035, + "elapsed_seconds": 0.015, "kind": "osv-batch", "items_seen": 1 }, @@ -643,7 +595,7 @@ "system_id": "shopware", "source_name": "OSV Shopware", "source_kind": "osv-batch", - "elapsed_seconds": 0.035, + "elapsed_seconds": 0.015, "kind": "osv-batch", "items_seen": 1 }, @@ -651,7 +603,7 @@ "system_id": "shopware", "source_name": "Shopware Security Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.035, + "elapsed_seconds": 0.019, "kind": "html-links", "items_seen": 129 }, 
@@ -659,7 +611,7 @@ "system_id": "spring-boot", "source_name": "OSV Spring Boot", "source_kind": "osv-batch", - "elapsed_seconds": 0.039, + "elapsed_seconds": 0.01, "kind": "osv-batch", "items_seen": 1 }, @@ -667,7 +619,7 @@ "system_id": "spring-boot", "source_name": "Spring Security Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.009, "kind": "html-links", "items_seen": 118 }, @@ -675,7 +627,7 @@ "system_id": "spring-framework", "source_name": "OSV Spring Framework", "source_kind": "osv-batch", - "elapsed_seconds": 0.061, + "elapsed_seconds": 0.009, "kind": "osv-batch", "items_seen": 1 }, @@ -683,7 +635,7 @@ "system_id": "spring-framework", "source_name": "Spring Security Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.054, + "elapsed_seconds": 0.021, "kind": "html-links", "items_seen": 118 }, @@ -691,7 +643,7 @@ "system_id": "spring-security", "source_name": "OSV Spring Security", "source_kind": "osv-batch", - "elapsed_seconds": 0.136, + "elapsed_seconds": 0.009, "kind": "osv-batch", "items_seen": 1 }, @@ -699,7 +651,7 @@ "system_id": "spring-security", "source_name": "Spring Security Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.053, + "elapsed_seconds": 0.01, "kind": "html-links", "items_seen": 118 }, @@ -707,7 +659,7 @@ "system_id": "strapi", "source_name": "OSV Strapi", "source_kind": "osv-batch", - "elapsed_seconds": 0.057, + "elapsed_seconds": 0.037, "kind": "osv-batch", "items_seen": 1 }, @@ -715,7 +667,7 @@ "system_id": "strapi", "source_name": "Strapi GitHub Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.058, + "elapsed_seconds": 0.037, "kind": "html-links", "items_seen": 124 }, @@ -723,7 +675,7 @@ "system_id": "sveltekit", "source_name": "OSV SvelteKit", "source_kind": "osv-batch", - "elapsed_seconds": 0.018, + "elapsed_seconds": 0.013, "kind": "osv-batch", "items_seen": 1 }, 
@@ -731,23 +683,15 @@ "system_id": "symfony", "source_name": "OSV Symfony", "source_kind": "osv-batch", - "elapsed_seconds": 0.039, + "elapsed_seconds": 0.043, "kind": "osv-batch", "items_seen": 1 }, - { - "system_id": "traefik", - "source_name": "GitHub Traefik Advisories", - "source_kind": "html-links", - "elapsed_seconds": 0.123, - "kind": "html-links", - "items_seen": 124 - }, { "system_id": "traefik", "source_name": "OSV Traefik", "source_kind": "osv-batch", - "elapsed_seconds": 0.064, + "elapsed_seconds": 0.074, "kind": "osv-batch", "items_seen": 1 }, @@ -755,7 +699,7 @@ "system_id": "undici", "source_name": "OSV Undici", "source_kind": "osv-batch", - "elapsed_seconds": 0.019, + "elapsed_seconds": 0.009, "kind": "osv-batch", "items_seen": 1 }, @@ -763,39 +707,23 @@ "system_id": "vite", "source_name": "OSV Vite", "source_kind": "osv-batch", - "elapsed_seconds": 0.017, + "elapsed_seconds": 0.013, "kind": "osv-batch", "items_seen": 1 }, - { - "system_id": "vite", - "source_name": "Vite Security", - "source_kind": "html-links", - "elapsed_seconds": 0.017, - "kind": "html-links", - "items_seen": 124 - }, { "system_id": "vue", "source_name": "OSV Vue", "source_kind": "osv-batch", - "elapsed_seconds": 0.03, + "elapsed_seconds": 0.015, "kind": "osv-batch", "items_seen": 1 }, - { - "system_id": "vue", - "source_name": "Vue Security", - "source_kind": "html-links", - "elapsed_seconds": 0.03, - "kind": "html-links", - "items_seen": 111 - }, { "system_id": "webpack", "source_name": "OSV webpack", "source_kind": "osv-batch", - "elapsed_seconds": 0.017, + "elapsed_seconds": 0.009, "kind": "osv-batch", "items_seen": 1 }, @@ -803,7 +731,7 @@ "system_id": "werkzeug", "source_name": "OSV Werkzeug", "source_kind": "osv-batch", - "elapsed_seconds": 0.039, + "elapsed_seconds": 0.006, "kind": "osv-batch", "items_seen": 1 }, 
@@ -811,7 +739,7 @@ "system_id": "woocommerce", "source_name": "GitHub WooCommerce Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.042, + "elapsed_seconds": 0.031, "kind": "html-links", "items_seen": 107 }, @@ -819,7 +747,7 @@ "system_id": "woocommerce", "source_name": "OSV WooCommerce", "source_kind": "osv-batch", - "elapsed_seconds": 0.042, + "elapsed_seconds": 0.031, "kind": "osv-batch", "items_seen": 1 }, @@ -827,7 +755,7 @@ "system_id": "woocommerce", "source_name": "Patchstack Database", "source_kind": "html-links", - "elapsed_seconds": 0.042, + "elapsed_seconds": 0.019, "kind": "html-links", "items_seen": 193 }, @@ -835,7 +763,7 @@ "system_id": "woocommerce", "source_name": "Woo Developer Advisories", "source_kind": "html-links", - "elapsed_seconds": 0.042, + "elapsed_seconds": 0.031, "kind": "html-links", "items_seen": 121 }, @@ -843,7 +771,7 @@ "system_id": "woocommerce", "source_name": "Wordfence Vulnerability Database", "source_kind": "html-links", - "elapsed_seconds": 0.042, + "elapsed_seconds": 0.019, "kind": "html-links", "items_seen": 0 }, @@ -851,7 +779,7 @@ "system_id": "wordpress", "source_name": "Patchstack Database", "source_kind": "html-links", - "elapsed_seconds": 0.063, + "elapsed_seconds": 0.041, "kind": "html-links", "items_seen": 193 }, @@ -859,7 +787,7 @@ "system_id": "wordpress", "source_name": "PortSwigger Research", "source_kind": "html-links", - "elapsed_seconds": 0.062, + "elapsed_seconds": 0.038, "kind": "html-links", "items_seen": 99 }, @@ -867,7 +795,7 @@ "system_id": "wordpress", "source_name": "WPScan Vulnerability Database", "source_kind": "html-links", - "elapsed_seconds": 0.062, + "elapsed_seconds": 0.041, "kind": "html-links", "items_seen": 74 }, @@ -875,7 +803,7 @@ "system_id": "wordpress", "source_name": "WordPress Security News RSS", "source_kind": "rss-feed", - "elapsed_seconds": 0.063, + "elapsed_seconds": 0.041, "kind": "rss-feed", "items_seen": 10 }, 
@@ -883,7 +811,7 @@ "system_id": "wordpress", "source_name": "Wordfence Vulnerability Database", "source_kind": "html-links", - "elapsed_seconds": 0.063, + "elapsed_seconds": 0.041, "kind": "html-links", "items_seen": 0 } 
@@ -891,73 +819,73 @@ "failures": [], "slow_sources": [ { - "system_id": "spring-security", - "source_name": "OSV Spring Security", - "source_kind": "osv-batch", - "elapsed_seconds": 0.136, - "status": "ok" - }, - { - "system_id": "jenkins", - "source_name": "Jenkins Security Advisories RSS", - "source_kind": "rss-feed", - "elapsed_seconds": 0.126, - "status": "ok" - }, - { - "system_id": "haproxy", - "source_name": "HAProxy Blog Feed", - "source_kind": "rss-feed", - "elapsed_seconds": 0.124, - "status": "ok" - }, - { - "system_id": "redmine", - "source_name": "OSV Redmine", - "source_kind": "osv-batch", - "elapsed_seconds": 0.124, - "status": "ok" - }, - { - "system_id": "redmine", - "source_name": "Redmine Security Advisories", - "source_kind": "html-links", - "elapsed_seconds": 0.124, + "system_id": "gitlab-ce", + "source_name": "GitLab Security Releases Atom", + "source_kind": "atom-feed", + "elapsed_seconds": 0.097, "status": "ok" }, { "system_id": "adminer", "source_name": "OSV Adminer", "source_kind": "osv-batch", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.096, "status": "ok" }, { - "system_id": "caddy", - "source_name": "OSV Caddy", + "system_id": "gitlab-ce", + "source_name": "GitLab Advisory Database", + "source_kind": "html-links", + "elapsed_seconds": 0.096, + "status": "ok" + }, + { + "system_id": "mattermost", + "source_name": "OSV Mattermost", "source_kind": "osv-batch", - "elapsed_seconds": 0.123, + "elapsed_seconds": 0.096, "status": "ok" }, { - "system_id": "django", - "source_name": "Django Security Releases Archive", - "source_kind": "vendor-index", - "elapsed_seconds": 0.123, - "status": "ok" - }, - { - "system_id": "gin", - "source_name": "OSV Gin", - "source_kind": "osv-batch", - "elapsed_seconds": 0.123, + "system_id": "apache-httpd", + "source_name": "CISA KEV Apache HTTPD", + "source_kind": "kev-json", + "elapsed_seconds": 0.074, "status": "ok" }, { "system_id": "gitea", - "source_name": "GitHub Gitea Advisories", - "source_kind": 
"html-links", - "elapsed_seconds": 0.123, + "source_name": "OSV Gitea", + "source_kind": "osv-batch", + "elapsed_seconds": 0.074, + "status": "ok" + }, + { + "system_id": "jenkins", + "source_name": "Jenkins Security Advisories RSS", + "source_kind": "rss-feed", + "elapsed_seconds": 0.074, + "status": "ok" + }, + { + "system_id": "kibana", + "source_name": "Elastic Security Announcements RSS", + "source_kind": "rss-feed", + "elapsed_seconds": 0.074, + "status": "ok" + }, + { + "system_id": "mattermost", + "source_name": "Mattermost Security Updates JSON", + "source_kind": "json-feed", + "elapsed_seconds": 0.074, + "status": "ok" + }, + { + "system_id": "redmine", + "source_name": "OSV Redmine", + "source_kind": "osv-batch", + "elapsed_seconds": 0.074, "status": "ok" } ], @@ -1014,8 +942,8 @@ { "system_id": "caddy", "display_name": "Caddy", - "active_source_total": 2, - "green_source_total": 2, + "active_source_total": 1, + "green_source_total": 1, "failure_count": 0 }, { @@ -1098,8 +1026,8 @@ { "system_id": "gitea", "display_name": "Gitea", - "active_source_total": 2, - "green_source_total": 2, + "active_source_total": 1, + "green_source_total": 1, "failure_count": 0 }, { @@ -1189,8 +1117,8 @@ { "system_id": "medusa", "display_name": "Medusa", - "active_source_total": 2, - "green_source_total": 2, + "active_source_total": 1, + "green_source_total": 1, "failure_count": 0 }, { @@ -1210,8 +1138,8 @@ { "system_id": "nextjs", "display_name": "Next.js", - "active_source_total": 2, - "green_source_total": 2, + "active_source_total": 1, + "green_source_total": 1, "failure_count": 0 }, { @@ -1231,8 +1159,8 @@ { "system_id": "nuxt", "display_name": "Nuxt", - "active_source_total": 2, - "green_source_total": 2, + "active_source_total": 1, + "green_source_total": 1, "failure_count": 0 }, { 
@@ -1273,8 +1201,8 @@ { "system_id": "react", "display_name": "React", - "active_source_total": 2, - "green_source_total": 2, + "active_source_total": 1, + "green_source_total": 1, "failure_count": 0 }, { @@ -1343,8 +1271,8 @@ { "system_id": "traefik", "display_name": "Traefik", - "active_source_total": 2, - "green_source_total": 2, + "active_source_total": 1, + "green_source_total": 1, "failure_count": 0 }, { @@ -1357,15 +1285,15 @@ { "system_id": "vite", "display_name": "Vite", - "active_source_total": 2, - "green_source_total": 2, + "active_source_total": 1, + "green_source_total": 1, "failure_count": 0 }, { "system_id": "vue", "display_name": "Vue", - "active_source_total": 2, - "green_source_total": 2, + "active_source_total": 1, + "green_source_total": 1, "failure_count": 0 }, { diff --git a/08-threat-intel/generated/dashboard/docs/architecture-library.html b/08-threat-intel/generated/dashboard/docs/architecture-library.html index dc84a036..99e943e5 100644 --- a/08-threat-intel/generated/dashboard/docs/architecture-library.html +++ b/08-threat-intel/generated/dashboard/docs/architecture-library.html @@ -87,7 +87,7 @@

当前架构库镜像

工作台内置镜像页:当前架构库结构化数据镜像。
{
-  "generated_at": "2026-03-19T09:30:58+00:00",
+  "generated_at": "2026-03-19T23:44:56+00:00",
   "title": "当前架构库",
   "summary": "工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。",
   "sections": [
@@ -119,7 +119,7 @@
         },
         {
           "label": "当前漏洞条目",
-          "value": "2392"
+          "value": "2399"
         }
       ],
       "fields": [
@@ -137,7 +137,7 @@
         },
         {
           "label": "生成时间",
-          "value": "2026-03-19T09:30:58+00:00"
+          "value": "2026-03-19T23:44:56+00:00"
         }
       ],
       "links": [
@@ -5975,7 +5975,7 @@
         },
         {
           "label": "Advisory 数",
-          "value": "2392"
+          "value": "2399"
         },
         {
           "label": "状态类型",
@@ -5994,7 +5994,7 @@
           "items": [
             {
               "title": "人工分诊",
-              "summary": "当前累计 2303 条。",
+              "summary": "当前累计 2310 条。",
               "open": false,
               "fields": [
                 {
@@ -6003,7 +6003,7 @@
                 },
                 {
                   "label": "数量",
-                  "value": "2303"
+                  "value": "2310"
                 }
               ]
             },
diff --git a/08-threat-intel/generated/dashboard/docs/coverage-matrix.html b/08-threat-intel/generated/dashboard/docs/coverage-matrix.html
index 4a0e6f51..c8315a5d 100644
--- a/08-threat-intel/generated/dashboard/docs/coverage-matrix.html
+++ b/08-threat-intel/generated/dashboard/docs/coverage-matrix.html
@@ -116,16 +116,16 @@
 | HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `6` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 25 Feb 2026 14:00:00 +0000` |
 | Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Joomla | `cms` | `history-full` | `yes` | `yes` | `100` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-03T01:03:51.193` |
-| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `41` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
+| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `47` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `6` | `Thu, 19 Mar 2026 16:59:58 +0000` |
 | Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-26T23:36:36.294040Z` |
 | Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:15:34.333730Z` |
 | Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `89` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-20T01:37:25.860` |
-| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `20` | `20` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
+| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `21` | `21` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
 | MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `70` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `Wed, 22 Oct 2025 21:44:43 +0000` |
 | Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
 | Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
 | NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` |
-| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-18T22:02:16.858114Z` |
+| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-19T18:48:06.587119Z` |
 | Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` |
 | Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` |
 | Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` |
diff --git a/08-threat-intel/generated/dashboard/docs/retired-sources.html b/08-threat-intel/generated/dashboard/docs/retired-sources.html
index ca606248..6c9f737f 100644
--- a/08-threat-intel/generated/dashboard/docs/retired-sources.html
+++ b/08-threat-intel/generated/dashboard/docs/retired-sources.html
@@ -213,6 +213,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "caddy",
+    "display_name": "Caddy",
+    "source_name": "GitHub Caddy Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Caddy"
+    ],
+    "url": "https://github.com/caddyserver/caddy/security/advisories"
+  },
   {
     "system_id": "discourse",
     "display_name": "Discourse",
@@ -350,6 +362,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "gitea",
+    "display_name": "Gitea",
+    "source_name": "GitHub Gitea Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Gitea"
+    ],
+    "url": "https://github.com/go-gitea/gitea/security/advisories"
+  },
   {
     "system_id": "gitlab-ce",
     "display_name": "GitLab CE",
@@ -562,6 +586,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "medusa",
+    "display_name": "Medusa",
+    "source_name": "GitHub Medusa Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Medusa"
+    ],
+    "url": "https://github.com/medusajs/medusa/security/advisories"
+  },
   {
     "system_id": "moodle",
     "display_name": "Moodle",
@@ -623,6 +659,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "nextjs",
+    "display_name": "Next.js",
+    "source_name": "GitHub Next.js Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Next.js"
+    ],
+    "url": "https://github.com/vercel/next.js/security/advisories"
+  },
   {
     "system_id": "nginx",
     "display_name": "Nginx",
@@ -649,6 +697,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "nuxt",
+    "display_name": "Nuxt",
+    "source_name": "Nuxt Security",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Nuxt"
+    ],
+    "url": "https://github.com/nuxt/nuxt/security/advisories"
+  },
   {
     "system_id": "opencart",
     "display_name": "OpenCart",
@@ -739,6 +799,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "react",
+    "display_name": "React",
+    "source_name": "GitHub React Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV React"
+    ],
+    "url": "https://github.com/facebook/react/security/advisories"
+  },
   {
     "system_id": "redmine",
     "display_name": "Redmine",
@@ -840,6 +912,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "traefik",
+    "display_name": "Traefik",
+    "source_name": "GitHub Traefik Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Traefik"
+    ],
+    "url": "https://github.com/traefik/traefik/security/advisories"
+  },
   {
     "system_id": "undici",
     "display_name": "Undici",
@@ -877,6 +961,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "vite",
+    "display_name": "Vite",
+    "source_name": "Vite Security",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Vite"
+    ],
+    "url": "https://github.com/vitejs/vite/security/advisories"
+  },
   {
     "system_id": "vue",
     "display_name": "Vue",
@@ -890,6 +986,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "vue",
+    "display_name": "Vue",
+    "source_name": "Vue Security",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Vue"
+    ],
+    "url": "https://github.com/vuejs/core/security"
+  },
   {
     "system_id": "webpack",
     "display_name": "webpack",
diff --git a/08-threat-intel/generated/dashboard/docs/source-catalog-audit.html b/08-threat-intel/generated/dashboard/docs/source-catalog-audit.html
index 15703f24..b2f56e28 100644
--- a/08-threat-intel/generated/dashboard/docs/source-catalog-audit.html
+++ b/08-threat-intel/generated/dashboard/docs/source-catalog-audit.html
@@ -88,11 +88,11 @@
       
工作台内置镜像页:active/retired source、replacement map 与覆盖摘要。
# Source Catalog Audit
 
-- generated_at: `2026-03-19T09:30:54+00:00`
+- generated_at: `2026-03-19T23:44:51+00:00`
 - systems: `62`
 - sources: `179`
-- active_sources: `110`
-- retired_sources: `69`
+- active_sources: `101`
+- retired_sources: `78`
 - systems_with_active_official: `61/62`
 - systems_with_machine_readable_source: `61/62`
 
@@ -108,6 +108,7 @@
 - `apache-tomcat` `NVD Tomcat` -> replacements: `Apache Tomcat Security, CISA KEV Tomcat` | reason: Official Tomcat advisories page plus CISA KEV are sufficient active sources for daily monitoring.
 - `aspnet-core` `NVD ASP.NET Core` -> replacements: `OSV ASP.NET Core` | reason: OSV ASP.NET Core provides machine-readable NuGet-aligned coverage with lower latency than NVD public search.
 - `astro` `GitHub Global Advisories` -> replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
+- `caddy` `GitHub Caddy Advisories` -> replacements: `OSV Caddy` | reason: OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `discourse` `Discourse Meta Security` -> replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
 - `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS, Discourse Security RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
 - `django` `Django Security RSS` -> replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
@@ -119,6 +120,7 @@
 - `fastify` `GitHub Global Advisories` -> replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
 - `flask` `GitHub Global Advisories` -> replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
 - `ghost` `NVD Ghost` -> replacements: `Ghost GitHub Advisories, OSV Ghost` | reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
+- `gitea` `GitHub Gitea Advisories` -> replacements: `OSV Gitea` | reason: OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `gitlab-ce` `GitLab Security Releases` -> replacements: `GitLab Security Releases Atom` | reason: GitLab Security Releases Atom is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.
 - `gitlab-ce` `NVD GitLab` -> replacements: `GitLab Security Releases, GitLab Security Releases Atom` | reason: GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.
 - `hapi` `GitHub Global Advisories` -> replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
@@ -136,13 +138,16 @@
 - `mattermost` `NVD Mattermost` -> replacements: `Mattermost Security Updates JSON, OSV Mattermost` | reason: Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.
 - `mediawiki` `MediaWiki Security Releases` -> replacements: `MediaWiki Announce RSS, NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
 - `mediawiki` `NVD MediaWiki` -> replacements: `MediaWiki Announce RSS, OSV MediaWiki` | reason: MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.
+- `medusa` `GitHub Medusa Advisories` -> replacements: `OSV Medusa` | reason: OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `moodle` `Moodle Security News` -> replacements: `NVD Moodle` | reason: Security page is reachable with a browser-style UA, but the current markup only exposes generic "Discuss this topic" anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.
 - `moodle` `NVD Moodle` -> replacements: `OSV Moodle` | reason: OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.
 - `nestjs` `GitHub Global Advisories` -> replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
 - `nestjs` `NVD NestJS` -> replacements: `OSV NestJS` | reason: OSV NestJS replaces NVD public search for lower-latency machine-readable collection.
 - `nextjs` `GitHub Global Advisories` -> replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
+- `nextjs` `GitHub Next.js Advisories` -> replacements: `OSV Next.js` | reason: OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `nginx` `NVD NGINX` -> replacements: `NGINX Security Advisories, CISA KEV NGINX` | reason: Official NGINX advisories page and CISA KEV together provide the needed daily signal without NVD public-search latency.
 - `nuxt` `GitHub Global Advisories` -> replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
+- `nuxt` `Nuxt Security` -> replacements: `OSV Nuxt` | reason: OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `opencart` `NVD OpenCart` -> replacements: `OpenCart Releases, OSV OpenCart` | reason: OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.
 - `openmage` `NVD OpenMage` -> replacements: `OpenMage GitHub Advisories, OSV OpenMage` | reason: OSV OpenMage replaces NVD for machine-readable composer-aligned collection.
 - `phpmyadmin` `NVD phpMyAdmin` -> replacements: `phpMyAdmin Security Page, OSV phpMyAdmin` | reason: OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.
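Review bot: The replacement map now points at sources that this same commit retires: the unchanged `nextjs` `GitHub Global Advisories` entry still lists `GitHub Next.js Advisories, OSV Next.js` as replacements and says both "remain active replacements", while the line added directly below it retires `GitHub Next.js Advisories`. The `nuxt` entry in this hunk has the same problem with `Nuxt Security`, and the later hunks of this file repeat it for `react`, `vite` and `vue`. This page is generated, so the fix belongs in the source catalog: reduce those older entries to the OSV source only (for example `replacements: OSV Next.js`) and reword their reasons. Ideally the audit would also fail when a listed replacement itself has `status: retired`, so that a retired source never appears to be covered by another retired source.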
@@ -150,6 +155,7 @@
 - `rails` `GitHub Global Advisories` -> replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
 - `rails` `NVD Ruby on Rails` -> replacements: `OSV Rails` | reason: OSV Rails replaces NVD public search for lower-latency machine-readable collection.
 - `react` `GitHub Global Advisories` -> replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
+- `react` `GitHub React Advisories` -> replacements: `OSV React` | reason: OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `redmine` `NVD Redmine` -> replacements: `Redmine Security Advisories` | reason: Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.
 - `saleor` `NVD Saleor` -> replacements: `GitHub Saleor Advisories, OSV Saleor` | reason: OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.
 - `shopware` `NVD Shopware` -> replacements: `Shopware Security Advisories, OSV Shopware` | reason: OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.
@@ -158,10 +164,13 @@
 - `spring-security` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Security` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
 - `sveltekit` `GitHub Global Advisories` -> replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
 - `symfony` `GitHub Global Advisories` -> replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
+- `traefik` `GitHub Traefik Advisories` -> replacements: `OSV Traefik` | reason: OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `undici` `GitHub Global Advisories` -> replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
 - `undici` `NVD Undici` -> replacements: `OSV Undici` | reason: OSV Undici replaces NVD public search for lower-latency machine-readable collection.
 - `vite` `GitHub Global Advisories` -> replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
+- `vite` `Vite Security` -> replacements: `OSV Vite` | reason: OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `vue` `GitHub Global Advisories` -> replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
+- `vue` `Vue Security` -> replacements: `OSV Vue` | reason: OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `webpack` `GitHub Global Advisories` -> replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
 - `webpack` `NVD webpack` -> replacements: `OSV webpack` | reason: OSV webpack replaces NVD public search for lower-latency machine-readable collection.
 - `werkzeug` `GitHub Global Advisories` -> replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
diff --git a/08-threat-intel/generated/dashboard/docs/source-map.html b/08-threat-intel/generated/dashboard/docs/source-map.html
index 7a2b1a65..990b1496 100644
--- a/08-threat-intel/generated/dashboard/docs/source-map.html
+++ b/08-threat-intel/generated/dashboard/docs/source-map.html
@@ -916,6 +916,9 @@ systems:
         advisory_mode: core
         keywords: [medusa]
         max_items: 50
+        status: retired
+        retired_reason: OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
+        replacement_sources: [OSV Medusa]
       - name: OSV Medusa
         kind: osv-batch
         confidence: official
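Review bot: Marking this source `status: retired` leaves the system with `OSV Medusa` as its only active feed, and the same three-line change is repeated for React, Next.js, Vue, Nuxt, Vite, Caddy, Traefik and Gitea in the following hunks of this file; the health summary in this commit shows each of them going from `"active_source_total": 2` to `1`. With one feed per system, a lagging or silently empty OSV response has nothing to be cross-checked against, and an all-green active-source count would not reveal it. I would record the trade-off beside the entry, e.g. `# only active source is now OSV Medusa; re-enable if OSV coverage lags the vendor advisories`, and consider a low-frequency comparison run against the retired advisory pages. The source entry being retired starts above the hunk, so its name and URL are not visible here.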
@@ -946,6 +949,9 @@ systems:
         advisory_mode: core
         keywords: [react]
         max_items: 50
+        status: retired
+        retired_reason: OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
+        replacement_sources: [OSV React]
       - name: GHSA React
         kind: ghsa-global
         ecosystem: npm
@@ -987,6 +993,9 @@ systems:
         advisory_mode: core
         keywords: [next.js, next]
         max_items: 50
+        status: retired
+        retired_reason: OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
+        replacement_sources: [OSV Next.js]
       - name: GHSA Next.js
         kind: ghsa-global
         ecosystem: npm
@@ -1026,6 +1035,9 @@ systems:
         advisory_mode: core
         keywords: [vue]
         max_items: 50
+        status: retired
+        retired_reason: OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
+        replacement_sources: [OSV Vue]
       - name: GHSA Vue
         kind: ghsa-global
         ecosystem: npm
@@ -1067,6 +1079,9 @@ systems:
         advisory_mode: core
         keywords: [nuxt]
         max_items: 50
+        status: retired
+        retired_reason: OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
+        replacement_sources: [OSV Nuxt]
       - name: GHSA Nuxt
         kind: ghsa-global
         ecosystem: npm
@@ -1106,6 +1121,9 @@ systems:
         advisory_mode: core
         keywords: [vite]
         max_items: 50
+        status: retired
+        retired_reason: OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
+        replacement_sources: [OSV Vite]
       - name: GHSA Vite
         kind: ghsa-global
         ecosystem: npm
@@ -2112,6 +2130,9 @@ systems:
         advisory_mode: server
         keywords: [caddy]
         max_items: 50
+        status: retired
+        retired_reason: OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
+        replacement_sources: [OSV Caddy]
       - name: OSV Caddy
         kind: osv-batch
         confidence: official
@@ -2142,6 +2163,9 @@ systems:
         advisory_mode: server
         keywords: [traefik]
         max_items: 50
+        status: retired
+        retired_reason: OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
+        replacement_sources: [OSV Traefik]
       - name: OSV Traefik
         kind: osv-batch
         confidence: official
@@ -2286,6 +2310,9 @@ systems:
         advisory_mode: core
         keywords: [gitea]
         max_items: 50
+        status: retired
+        retired_reason: OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
+        replacement_sources: [OSV Gitea]
       - name: OSV Gitea
         kind: osv-batch
         confidence: official
diff --git a/08-threat-intel/generated/dashboard/docs/testing-completeness-report.html b/08-threat-intel/generated/dashboard/docs/testing-completeness-report.html
index 3de5e980..68d723d4 100644
--- a/08-threat-intel/generated/dashboard/docs/testing-completeness-report.html
+++ b/08-threat-intel/generated/dashboard/docs/testing-completeness-report.html
@@ -88,15 +88,15 @@
       
工作台内置镜像页:89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。
# 全库 Advisory 完整度报告
 
-- 生成时间: `2026-03-19T09:30:58+00:00`
+- 生成时间: `2026-03-19T23:44:56+00:00`
 - 最新 advisory 完整度: `89/89` `verified-real`
 - 合成验证数量: `0`
 - 阻塞数量: `0`
 - 人工/待补证据数量: `0`
 - 完整度百分比: `100.0%`
-- active source 全绿: `110/110`
+- active source 全绿: `101/101`
 - source open alerts: `0`
-- 最近一次 source 全绿: `2026-03-19T09:30:54+00:00`
+- 最近一次 source 全绿: `2026-03-19T23:44:51+00:00`
 
 ## 系统覆盖矩阵
 
@@ -118,8 +118,8 @@
 ## Ingest / Source 健康度
 
 - source failures: `0`
-- active sources: `110`
-- green sources: `110`
+- active sources: `101`
+- green sources: `101`
 - open alerts: `0`
 
 ## 剩余风险说明
diff --git a/08-threat-intel/generated/dashboard/summary.json b/08-threat-intel/generated/dashboard/summary.json
index dc75c1a0..c30bea80 100644
--- a/08-threat-intel/generated/dashboard/summary.json
+++ b/08-threat-intel/generated/dashboard/summary.json
@@ -1,9 +1,9 @@
 {
-  "generated_at": "2026-03-19T09:30:58+00:00",
-  "advisory_count": 2392,
+  "generated_at": "2026-03-19T23:44:56+00:00",
+  "advisory_count": 2399,
   "run_count": 140,
   "statuses": {
-    "triage-manual": 2303,
+    "triage-manual": 2310,
     "verified-real": 89
   },
   "run_statuses": {
@@ -154,11 +154,11 @@
     }
   ],
   "monitoring": {
-    "active_source_count": 110,
-    "green_source_count": 110,
+    "active_source_count": 101,
+    "green_source_count": 101,
     "source_failure_count": 0,
     "open_alert_count": 0,
-    "last_fully_green_run": "2026-03-19T09:30:54+00:00"
+    "last_fully_green_run": "2026-03-19T23:44:51+00:00"
   },
   "systems": [
     {
@@ -667,7 +667,7 @@
       "manual": 40,
       "browser_required": 0,
       "browser_present": 21,
-      "latest_update": "2026-03-18T22:02:16.858114Z",
+      "latest_update": "2026-03-19T18:48:06.587119Z",
       "category": "frameworks",
       "tier": "history-full",
       "output_dir": "07-framework-security/frameworks/nextjs",
@@ -872,6 +872,29 @@
         }
       ]
     },
+    {
+      "system_id": "kibana",
+      "display_name": "Kibana",
+      "total": 47,
+      "verified_real": 0,
+      "verified_synthetic": 0,
+      "blocked": 0,
+      "manual": 47,
+      "browser_required": 0,
+      "browser_present": 0,
+      "latest_update": "Thu, 19 Mar 2026 16:59:58 +0000",
+      "category": "platforms",
+      "tier": "rolling-24m",
+      "output_dir": "07-framework-security/platforms/kibana",
+      "families": [
+        {
+          "family": "xss",
+          "total": 47,
+          "verified_real": 0,
+          "manual": 47
+        }
+      ]
+    },
     {
       "system_id": "traefik",
       "display_name": "Traefik",
@@ -965,29 +988,6 @@
         }
       ]
     },
-    {
-      "system_id": "kibana",
-      "display_name": "Kibana",
-      "total": 41,
-      "verified_real": 0,
-      "verified_synthetic": 0,
-      "blocked": 0,
-      "manual": 41,
-      "browser_required": 0,
-      "browser_present": 0,
-      "latest_update": "",
-      "category": "platforms",
-      "tier": "rolling-24m",
-      "output_dir": "07-framework-security/platforms/kibana",
-      "families": [
-        {
-          "family": "xss",
-          "total": 41,
-          "verified_real": 0,
-          "manual": 41
-        }
-      ]
-    },
     {
       "system_id": "moodle",
       "display_name": "Moodle",
@@ -1284,6 +1284,29 @@
         }
       ]
     },
+    {
+      "system_id": "mattermost",
+      "display_name": "Mattermost",
+      "total": 21,
+      "verified_real": 0,
+      "verified_synthetic": 0,
+      "blocked": 0,
+      "manual": 21,
+      "browser_required": 0,
+      "browser_present": 0,
+      "latest_update": "Fix Release Date",
+      "category": "platforms",
+      "tier": "rolling-24m",
+      "output_dir": "07-framework-security/platforms/mattermost",
+      "families": [
+        {
+          "family": "xss",
+          "total": 21,
+          "verified_real": 0,
+          "manual": 21
+        }
+      ]
+    },
     {
       "system_id": "react",
       "display_name": "React",
@@ -1307,29 +1330,6 @@
         }
       ]
     },
-    {
-      "system_id": "mattermost",
-      "display_name": "Mattermost",
-      "total": 20,
-      "verified_real": 0,
-      "verified_synthetic": 0,
-      "blocked": 0,
-      "manual": 20,
-      "browser_required": 0,
-      "browser_present": 0,
-      "latest_update": "Fix Release Date",
-      "category": "platforms",
-      "tier": "rolling-24m",
-      "output_dir": "07-framework-security/platforms/mattermost",
-      "families": [
-        {
-          "family": "xss",
-          "total": 20,
-          "verified_real": 0,
-          "manual": 20
-        }
-      ]
-    },
     {
       "system_id": "medusa",
       "display_name": "Medusa",
@@ -1969,7 +1969,7 @@
     "verified_ratio": 100.0,
     "complete": true,
     "source_failure_count": 0,
-    "active_source_count": 110,
+    "active_source_count": 101,
     "open_alert_count": 0
   }
 }
diff --git a/08-threat-intel/generated/dashboard/systems.json b/08-threat-intel/generated/dashboard/systems.json
index eca1dda5..162b03db 100644
--- a/08-threat-intel/generated/dashboard/systems.json
+++ b/08-threat-intel/generated/dashboard/systems.json
@@ -505,7 +505,7 @@
     "manual": 40,
     "browser_required": 0,
     "browser_present": 21,
-    "latest_update": "2026-03-18T22:02:16.858114Z",
+    "latest_update": "2026-03-19T18:48:06.587119Z",
     "category": "frameworks",
     "tier": "history-full",
     "output_dir": "07-framework-security/frameworks/nextjs",
@@ -710,6 +710,29 @@
       }
     ]
   },
+  {
+    "system_id": "kibana",
+    "display_name": "Kibana",
+    "total": 47,
+    "verified_real": 0,
+    "verified_synthetic": 0,
+    "blocked": 0,
+    "manual": 47,
+    "browser_required": 0,
+    "browser_present": 0,
+    "latest_update": "Thu, 19 Mar 2026 16:59:58 +0000",
+    "category": "platforms",
+    "tier": "rolling-24m",
+    "output_dir": "07-framework-security/platforms/kibana",
+    "families": [
+      {
+        "family": "xss",
+        "total": 47,
+        "verified_real": 0,
+        "manual": 47
+      }
+    ]
+  },
   {
     "system_id": "traefik",
     "display_name": "Traefik",
@@ -803,29 +826,6 @@
       }
     ]
   },
-  {
-    "system_id": "kibana",
-    "display_name": "Kibana",
-    "total": 41,
-    "verified_real": 0,
-    "verified_synthetic": 0,
-    "blocked": 0,
-    "manual": 41,
-    "browser_required": 0,
-    "browser_present": 0,
-    "latest_update": "",
-    "category": "platforms",
-    "tier": "rolling-24m",
-    "output_dir": "07-framework-security/platforms/kibana",
-    "families": [
-      {
-        "family": "xss",
-        "total": 41,
-        "verified_real": 0,
-        "manual": 41
-      }
-    ]
-  },
   {
     "system_id": "moodle",
     "display_name": "Moodle",
@@ -1122,6 +1122,29 @@
       }
     ]
   },
+  {
+    "system_id": "mattermost",
+    "display_name": "Mattermost",
+    "total": 21,
+    "verified_real": 0,
+    "verified_synthetic": 0,
+    "blocked": 0,
+    "manual": 21,
+    "browser_required": 0,
+    "browser_present": 0,
+    "latest_update": "Fix Release Date",
+    "category": "platforms",
+    "tier": "rolling-24m",
+    "output_dir": "07-framework-security/platforms/mattermost",
+    "families": [
+      {
+        "family": "xss",
+        "total": 21,
+        "verified_real": 0,
+        "manual": 21
+      }
+    ]
+  },
   {
     "system_id": "react",
     "display_name": "React",
@@ -1145,29 +1168,6 @@
       }
     ]
   },
-  {
-    "system_id": "mattermost",
-    "display_name": "Mattermost",
-    "total": 20,
-    "verified_real": 0,
-    "verified_synthetic": 0,
-    "blocked": 0,
-    "manual": 20,
-    "browser_required": 0,
-    "browser_present": 0,
-    "latest_update": "Fix Release Date",
-    "category": "platforms",
-    "tier": "rolling-24m",
-    "output_dir": "07-framework-security/platforms/mattermost",
-    "families": [
-      {
-        "family": "xss",
-        "total": 20,
-        "verified_real": 0,
-        "manual": 20
-      }
-    ]
-  },
   {
     "system_id": "medusa",
     "display_name": "Medusa",
diff --git a/08-threat-intel/generated/latest-ingest.md b/08-threat-intel/generated/latest-ingest.md
index bd9569e1..f0a4131f 100644
--- a/08-threat-intel/generated/latest-ingest.md
+++ b/08-threat-intel/generated/latest-ingest.md
@@ -1,11 +1,11 @@
 # 最新同步摘要
 
-- 渲染时间: `2026-03-19T09:30:58+00:00`
+- 渲染时间: `2026-03-19T23:44:56+00:00`
 - 系统数量: `62`
-- Advisory 数量: `2348`
-- 重点 Markdown 数量: `156`
+- Advisory 数量: `2355`
+- 重点 Markdown 数量: `157`
 - Run Bundle 数量: `89`
-- 新增记录: `0`
-- 更新记录: `0`
-- Triage 数量: `1169`
+- 新增记录: `7`
+- 更新记录: `5`
+- Triage 数量: `1175`
 - 失败的 source adapter: `0`
diff --git a/08-threat-intel/generated/monitor-summary.json b/08-threat-intel/generated/monitor-summary.json
index 9391444d..d5acf3c4 100644
--- a/08-threat-intel/generated/monitor-summary.json
+++ b/08-threat-intel/generated/monitor-summary.json
@@ -1,21 +1,25 @@
 {
-  "generated_at": "2026-03-19T09:30:54+00:00",
-  "active_source_count": 110,
-  "green_source_count": 110,
+  "generated_at": "2026-03-19T23:44:51+00:00",
+  "active_source_count": 101,
+  "green_source_count": 101,
   "source_failure_count": 0,
   "open_alert_count": 0,
   "resolved_alert_count": 4,
-  "last_fully_green_run": "2026-03-19T09:30:54+00:00",
+  "last_fully_green_run": "2026-03-19T23:44:51+00:00",
   "source_catalog": {
     "system_count": 62,
     "source_count": 179,
-    "retired_source_count": 69
+    "retired_source_count": 78
   },
   "ingest": {
-    "new_count": 0,
-    "updated_count": 0,
+    "new_count": 7,
+    "updated_count": 5,
     "failure_count": 0,
-    "systems_touched": []
+    "systems_touched": [
+      "kibana",
+      "mattermost",
+      "nextjs"
+    ]
   },
   "validation": {
     "passed": true,
diff --git a/08-threat-intel/generated/retired-sources.json b/08-threat-intel/generated/retired-sources.json
index 3b998092..6e1e00c5 100644
--- a/08-threat-intel/generated/retired-sources.json
+++ b/08-threat-intel/generated/retired-sources.json
@@ -125,6 +125,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "caddy",
+    "display_name": "Caddy",
+    "source_name": "GitHub Caddy Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Caddy"
+    ],
+    "url": "https://github.com/caddyserver/caddy/security/advisories"
+  },
   {
     "system_id": "discourse",
     "display_name": "Discourse",
@@ -262,6 +274,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "gitea",
+    "display_name": "Gitea",
+    "source_name": "GitHub Gitea Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Gitea"
+    ],
+    "url": "https://github.com/go-gitea/gitea/security/advisories"
+  },
   {
     "system_id": "gitlab-ce",
     "display_name": "GitLab CE",
@@ -474,6 +498,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "medusa",
+    "display_name": "Medusa",
+    "source_name": "GitHub Medusa Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Medusa"
+    ],
+    "url": "https://github.com/medusajs/medusa/security/advisories"
+  },
   {
     "system_id": "moodle",
     "display_name": "Moodle",
@@ -535,6 +571,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "nextjs",
+    "display_name": "Next.js",
+    "source_name": "GitHub Next.js Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Next.js"
+    ],
+    "url": "https://github.com/vercel/next.js/security/advisories"
+  },
   {
     "system_id": "nginx",
     "display_name": "Nginx",
@@ -561,6 +609,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "nuxt",
+    "display_name": "Nuxt",
+    "source_name": "Nuxt Security",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Nuxt"
+    ],
+    "url": "https://github.com/nuxt/nuxt/security/advisories"
+  },
   {
     "system_id": "opencart",
     "display_name": "OpenCart",
@@ -651,6 +711,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "react",
+    "display_name": "React",
+    "source_name": "GitHub React Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV React"
+    ],
+    "url": "https://github.com/facebook/react/security/advisories"
+  },
   {
     "system_id": "redmine",
     "display_name": "Redmine",
@@ -752,6 +824,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "traefik",
+    "display_name": "Traefik",
+    "source_name": "GitHub Traefik Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Traefik"
+    ],
+    "url": "https://github.com/traefik/traefik/security/advisories"
+  },
   {
     "system_id": "undici",
     "display_name": "Undici",
@@ -789,6 +873,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "vite",
+    "display_name": "Vite",
+    "source_name": "Vite Security",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Vite"
+    ],
+    "url": "https://github.com/vitejs/vite/security/advisories"
+  },
   {
     "system_id": "vue",
     "display_name": "Vue",
@@ -802,6 +898,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "vue",
+    "display_name": "Vue",
+    "source_name": "Vue Security",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+    "replacement_sources": [
+      "OSV Vue"
+    ],
+    "url": "https://github.com/vuejs/core/security"
+  },
   {
     "system_id": "webpack",
     "display_name": "webpack",
diff --git a/08-threat-intel/generated/run-summary.json b/08-threat-intel/generated/run-summary.json
index 0c34a628..8dcf5c83 100644
--- a/08-threat-intel/generated/run-summary.json
+++ b/08-threat-intel/generated/run-summary.json
@@ -1,12 +1,16 @@
 {
-  "generated_at": "2026-03-19T09:30:58+00:00",
+  "generated_at": "2026-03-19T23:44:56+00:00",
   "system_count": 62,
-  "advisory_count": 2348,
-  "markdown_count": 156,
-  "new_count": 0,
-  "updated_count": 0,
-  "systems_touched": [],
-  "triage_count": 1169,
+  "advisory_count": 2355,
+  "markdown_count": 157,
+  "new_count": 7,
+  "updated_count": 5,
+  "systems_touched": [
+    "kibana",
+    "mattermost",
+    "nextjs"
+  ],
+  "triage_count": 1175,
   "run_bundle_count": 89,
   "failures": []
 }
diff --git a/08-threat-intel/generated/source-catalog-audit.json b/08-threat-intel/generated/source-catalog-audit.json
index 109ba677..0bf4178e 100644
--- a/08-threat-intel/generated/source-catalog-audit.json
+++ b/08-threat-intel/generated/source-catalog-audit.json
@@ -1,9 +1,9 @@
 {
-  "generated_at": "2026-03-19T09:30:54+00:00",
+  "generated_at": "2026-03-19T23:44:51+00:00",
   "system_count": 62,
   "source_count": 179,
-  "active_source_count": 110,
-  "retired_source_count": 69,
+  "active_source_count": 101,
+  "retired_source_count": 78,
   "systems_with_active_official": 61,
   "systems_with_machine_readable_source": 61,
   "systems": [
@@ -118,9 +118,9 @@
       "category": "servers",
       "tier": "rolling-24m",
       "source_total": 2,
-      "active_source_total": 2,
-      "retired_source_total": 0,
-      "official_active": 2,
+      "active_source_total": 1,
+      "retired_source_total": 1,
+      "official_active": 1,
       "ecosystem_active": 0,
       "research_active": 0,
       "machine_readable_active": 1,
@@ -298,9 +298,9 @@
       "category": "platforms",
       "tier": "rolling-24m",
       "source_total": 2,
-      "active_source_total": 2,
-      "retired_source_total": 0,
-      "official_active": 2,
+      "active_source_total": 1,
+      "retired_source_total": 1,
+      "official_active": 1,
       "ecosystem_active": 0,
       "research_active": 0,
       "machine_readable_active": 1,
@@ -493,9 +493,9 @@
       "category": "ecommerce",
       "tier": "rolling-24m",
       "source_total": 2,
-      "active_source_total": 2,
-      "retired_source_total": 0,
-      "official_active": 2,
+      "active_source_total": 1,
+      "retired_source_total": 1,
+      "official_active": 1,
       "ecosystem_active": 0,
       "research_active": 0,
       "machine_readable_active": 1,
@@ -538,9 +538,9 @@
       "category": "frameworks",
       "tier": "history-full",
       "source_total": 3,
-      "active_source_total": 2,
-      "retired_source_total": 1,
-      "official_active": 2,
+      "active_source_total": 1,
+      "retired_source_total": 2,
+      "official_active": 1,
       "ecosystem_active": 0,
       "research_active": 0,
       "machine_readable_active": 1,
@@ -583,9 +583,9 @@
       "category": "frameworks",
       "tier": "history-full",
       "source_total": 3,
-      "active_source_total": 2,
-      "retired_source_total": 1,
-      "official_active": 2,
+      "active_source_total": 1,
+      "retired_source_total": 2,
+      "official_active": 1,
       "ecosystem_active": 0,
       "research_active": 0,
       "machine_readable_active": 1,
@@ -673,9 +673,9 @@
       "category": "frameworks",
       "tier": "history-full",
       "source_total": 3,
-      "active_source_total": 2,
-      "retired_source_total": 1,
-      "official_active": 2,
+      "active_source_total": 1,
+      "retired_source_total": 2,
+      "official_active": 1,
       "ecosystem_active": 0,
       "research_active": 0,
       "machine_readable_active": 1,
@@ -823,9 +823,9 @@
       "category": "servers",
       "tier": "rolling-24m",
       "source_total": 2,
-      "active_source_total": 2,
-      "retired_source_total": 0,
-      "official_active": 2,
+      "active_source_total": 1,
+      "retired_source_total": 1,
+      "official_active": 1,
       "ecosystem_active": 0,
       "research_active": 0,
       "machine_readable_active": 1,
@@ -853,9 +853,9 @@
       "category": "frameworks",
       "tier": "history-full",
       "source_total": 3,
-      "active_source_total": 2,
-      "retired_source_total": 1,
-      "official_active": 2,
+      "active_source_total": 1,
+      "retired_source_total": 2,
+      "official_active": 1,
       "ecosystem_active": 0,
       "research_active": 0,
       "machine_readable_active": 1,
@@ -868,9 +868,9 @@
       "category": "frameworks",
       "tier": "history-full",
       "source_total": 3,
-      "active_source_total": 2,
-      "retired_source_total": 1,
-      "official_active": 2,
+      "active_source_total": 1,
+      "retired_source_total": 2,
+      "official_active": 1,
       "ecosystem_active": 0,
       "research_active": 0,
       "machine_readable_active": 1,
@@ -1065,6 +1065,18 @@
       ],
       "url": ""
     },
+    {
+      "system_id": "caddy",
+      "display_name": "Caddy",
+      "source_name": "GitHub Caddy Advisories",
+      "bucket": "official_sources",
+      "kind": "html-links",
+      "retired_reason": "OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+      "replacement_sources": [
+        "OSV Caddy"
+      ],
+      "url": "https://github.com/caddyserver/caddy/security/advisories"
+    },
     {
       "system_id": "discourse",
       "display_name": "Discourse",
@@ -1202,6 +1214,18 @@
       ],
       "url": ""
     },
+    {
+      "system_id": "gitea",
+      "display_name": "Gitea",
+      "source_name": "GitHub Gitea Advisories",
+      "bucket": "official_sources",
+      "kind": "html-links",
+      "retired_reason": "OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+      "replacement_sources": [
+        "OSV Gitea"
+      ],
+      "url": "https://github.com/go-gitea/gitea/security/advisories"
+    },
     {
       "system_id": "gitlab-ce",
       "display_name": "GitLab CE",
@@ -1414,6 +1438,18 @@
       ],
       "url": ""
     },
+    {
+      "system_id": "medusa",
+      "display_name": "Medusa",
+      "source_name": "GitHub Medusa Advisories",
+      "bucket": "official_sources",
+      "kind": "html-links",
+      "retired_reason": "OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+      "replacement_sources": [
+        "OSV Medusa"
+      ],
+      "url": "https://github.com/medusajs/medusa/security/advisories"
+    },
     {
       "system_id": "moodle",
       "display_name": "Moodle",
@@ -1475,6 +1511,18 @@
       ],
       "url": ""
     },
+    {
+      "system_id": "nextjs",
+      "display_name": "Next.js",
+      "source_name": "GitHub Next.js Advisories",
+      "bucket": "official_sources",
+      "kind": "html-links",
+      "retired_reason": "OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+      "replacement_sources": [
+        "OSV Next.js"
+      ],
+      "url": "https://github.com/vercel/next.js/security/advisories"
+    },
     {
       "system_id": "nginx",
       "display_name": "Nginx",
@@ -1501,6 +1549,18 @@
       ],
       "url": ""
     },
+    {
+      "system_id": "nuxt",
+      "display_name": "Nuxt",
+      "source_name": "Nuxt Security",
+      "bucket": "official_sources",
+      "kind": "html-links",
+      "retired_reason": "OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+      "replacement_sources": [
+        "OSV Nuxt"
+      ],
+      "url": "https://github.com/nuxt/nuxt/security/advisories"
+    },
     {
       "system_id": "opencart",
       "display_name": "OpenCart",
@@ -1591,6 +1651,18 @@
       ],
       "url": ""
     },
+    {
+      "system_id": "react",
+      "display_name": "React",
+      "source_name": "GitHub React Advisories",
+      "bucket": "official_sources",
+      "kind": "html-links",
+      "retired_reason": "OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+      "replacement_sources": [
+        "OSV React"
+      ],
+      "url": "https://github.com/facebook/react/security/advisories"
+    },
     {
       "system_id": "redmine",
       "display_name": "Redmine",
@@ -1692,6 +1764,18 @@
       ],
       "url": ""
     },
+    {
+      "system_id": "traefik",
+      "display_name": "Traefik",
+      "source_name": "GitHub Traefik Advisories",
+      "bucket": "official_sources",
+      "kind": "html-links",
+      "retired_reason": "OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+      "replacement_sources": [
+        "OSV Traefik"
+      ],
+      "url": "https://github.com/traefik/traefik/security/advisories"
+    },
     {
       "system_id": "undici",
       "display_name": "Undici",
@@ -1729,6 +1813,18 @@
       ],
       "url": ""
     },
+    {
+      "system_id": "vite",
+      "display_name": "Vite",
+      "source_name": "Vite Security",
+      "bucket": "official_sources",
+      "kind": "html-links",
+      "retired_reason": "OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+      "replacement_sources": [
+        "OSV Vite"
+      ],
+      "url": "https://github.com/vitejs/vite/security/advisories"
+    },
     {
       "system_id": "vue",
       "display_name": "Vue",
@@ -1742,6 +1838,18 @@
       ],
       "url": ""
     },
+    {
+      "system_id": "vue",
+      "display_name": "Vue",
+      "source_name": "Vue Security",
+      "bucket": "official_sources",
+      "kind": "html-links",
+      "retired_reason": "OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
+      "replacement_sources": [
+        "OSV Vue"
+      ],
+      "url": "https://github.com/vuejs/core/security"
+    },
     {
       "system_id": "webpack",
       "display_name": "webpack",
@@ -1884,6 +1992,13 @@
         "OSV Astro"
       ]
     },
+    {
+      "system_id": "caddy",
+      "retired_source": "GitHub Caddy Advisories",
+      "replacement_sources": [
+        "OSV Caddy"
+      ]
+    },
     {
       "system_id": "discourse",
       "retired_source": "Discourse Meta Security",
@@ -1966,6 +2081,13 @@
         "OSV Ghost"
       ]
     },
+    {
+      "system_id": "gitea",
+      "retired_source": "GitHub Gitea Advisories",
+      "replacement_sources": [
+        "OSV Gitea"
+      ]
+    },
     {
       "system_id": "gitlab-ce",
       "retired_source": "GitLab Security Releases",
@@ -2093,6 +2215,13 @@
         "OSV MediaWiki"
       ]
     },
+    {
+      "system_id": "medusa",
+      "retired_source": "GitHub Medusa Advisories",
+      "replacement_sources": [
+        "OSV Medusa"
+      ]
+    },
     {
       "system_id": "moodle",
       "retired_source": "Moodle Security News",
@@ -2129,6 +2258,13 @@
         "OSV Next.js"
       ]
     },
+    {
+      "system_id": "nextjs",
+      "retired_source": "GitHub Next.js Advisories",
+      "replacement_sources": [
+        "OSV Next.js"
+      ]
+    },
     {
       "system_id": "nginx",
       "retired_source": "NVD NGINX",
@@ -2145,6 +2281,13 @@
         "OSV Nuxt"
       ]
     },
+    {
+      "system_id": "nuxt",
+      "retired_source": "Nuxt Security",
+      "replacement_sources": [
+        "OSV Nuxt"
+      ]
+    },
     {
       "system_id": "opencart",
       "retired_source": "NVD OpenCart",
@@ -2200,6 +2343,13 @@
         "OSV React"
       ]
     },
+    {
+      "system_id": "react",
+      "retired_source": "GitHub React Advisories",
+      "replacement_sources": [
+        "OSV React"
+      ]
+    },
     {
       "system_id": "redmine",
       "retired_source": "NVD Redmine",
@@ -2261,6 +2411,13 @@
         "OSV Symfony"
       ]
     },
+    {
+      "system_id": "traefik",
+      "retired_source": "GitHub Traefik Advisories",
+      "replacement_sources": [
+        "OSV Traefik"
+      ]
+    },
     {
       "system_id": "undici",
       "retired_source": "GitHub Global Advisories",
@@ -2283,6 +2440,13 @@
         "OSV Vite"
       ]
     },
+    {
+      "system_id": "vite",
+      "retired_source": "Vite Security",
+      "replacement_sources": [
+        "OSV Vite"
+      ]
+    },
     {
       "system_id": "vue",
       "retired_source": "GitHub Global Advisories",
@@ -2291,6 +2455,13 @@
         "OSV Vue"
       ]
     },
+    {
+      "system_id": "vue",
+      "retired_source": "Vue Security",
+      "replacement_sources": [
+        "OSV Vue"
+      ]
+    },
     {
       "system_id": "webpack",
       "retired_source": "GitHub Global Advisories",
diff --git a/08-threat-intel/generated/source-catalog-audit.md b/08-threat-intel/generated/source-catalog-audit.md
index 9d088811..5d4c0796 100644
--- a/08-threat-intel/generated/source-catalog-audit.md
+++ b/08-threat-intel/generated/source-catalog-audit.md
@@ -1,10 +1,10 @@
 # Source Catalog Audit
 
-- generated_at: `2026-03-19T09:30:54+00:00`
+- generated_at: `2026-03-19T23:44:51+00:00`
 - systems: `62`
 - sources: `179`
-- active_sources: `110`
-- retired_sources: `69`
+- active_sources: `101`
+- retired_sources: `78`
 - systems_with_active_official: `61/62`
 - systems_with_machine_readable_source: `61/62`
 
@@ -20,6 +20,7 @@
 - `apache-tomcat` `NVD Tomcat` -> replacements: `Apache Tomcat Security, CISA KEV Tomcat` | reason: Official Tomcat advisories page plus CISA KEV are sufficient active sources for daily monitoring.
 - `aspnet-core` `NVD ASP.NET Core` -> replacements: `OSV ASP.NET Core` | reason: OSV ASP.NET Core provides machine-readable NuGet-aligned coverage with lower latency than NVD public search.
 - `astro` `GitHub Global Advisories` -> replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
+- `caddy` `GitHub Caddy Advisories` -> replacements: `OSV Caddy` | reason: OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `discourse` `Discourse Meta Security` -> replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
 - `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS, Discourse Security RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
 - `django` `Django Security RSS` -> replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
@@ -31,6 +32,7 @@
 - `fastify` `GitHub Global Advisories` -> replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
 - `flask` `GitHub Global Advisories` -> replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
 - `ghost` `NVD Ghost` -> replacements: `Ghost GitHub Advisories, OSV Ghost` | reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
+- `gitea` `GitHub Gitea Advisories` -> replacements: `OSV Gitea` | reason: OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `gitlab-ce` `GitLab Security Releases` -> replacements: `GitLab Security Releases Atom` | reason: GitLab Security Releases Atom is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.
 - `gitlab-ce` `NVD GitLab` -> replacements: `GitLab Security Releases, GitLab Security Releases Atom` | reason: GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.
 - `hapi` `GitHub Global Advisories` -> replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
@@ -48,13 +50,16 @@
 - `mattermost` `NVD Mattermost` -> replacements: `Mattermost Security Updates JSON, OSV Mattermost` | reason: Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.
 - `mediawiki` `MediaWiki Security Releases` -> replacements: `MediaWiki Announce RSS, NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
 - `mediawiki` `NVD MediaWiki` -> replacements: `MediaWiki Announce RSS, OSV MediaWiki` | reason: MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.
+- `medusa` `GitHub Medusa Advisories` -> replacements: `OSV Medusa` | reason: OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `moodle` `Moodle Security News` -> replacements: `NVD Moodle` | reason: Security page is reachable with a browser-style UA, but the current markup only exposes generic "Discuss this topic" anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.
 - `moodle` `NVD Moodle` -> replacements: `OSV Moodle` | reason: OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.
 - `nestjs` `GitHub Global Advisories` -> replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
 - `nestjs` `NVD NestJS` -> replacements: `OSV NestJS` | reason: OSV NestJS replaces NVD public search for lower-latency machine-readable collection.
 - `nextjs` `GitHub Global Advisories` -> replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
+- `nextjs` `GitHub Next.js Advisories` -> replacements: `OSV Next.js` | reason: OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `nginx` `NVD NGINX` -> replacements: `NGINX Security Advisories, CISA KEV NGINX` | reason: Official NGINX advisories page and CISA KEV together provide the needed daily signal without NVD public-search latency.
 - `nuxt` `GitHub Global Advisories` -> replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
+- `nuxt` `Nuxt Security` -> replacements: `OSV Nuxt` | reason: OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `opencart` `NVD OpenCart` -> replacements: `OpenCart Releases, OSV OpenCart` | reason: OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.
 - `openmage` `NVD OpenMage` -> replacements: `OpenMage GitHub Advisories, OSV OpenMage` | reason: OSV OpenMage replaces NVD for machine-readable composer-aligned collection.
 - `phpmyadmin` `NVD phpMyAdmin` -> replacements: `phpMyAdmin Security Page, OSV phpMyAdmin` | reason: OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.
@@ -62,6 +67,7 @@
 - `rails` `GitHub Global Advisories` -> replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
 - `rails` `NVD Ruby on Rails` -> replacements: `OSV Rails` | reason: OSV Rails replaces NVD public search for lower-latency machine-readable collection.
 - `react` `GitHub Global Advisories` -> replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
+- `react` `GitHub React Advisories` -> replacements: `OSV React` | reason: OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `redmine` `NVD Redmine` -> replacements: `Redmine Security Advisories` | reason: Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.
 - `saleor` `NVD Saleor` -> replacements: `GitHub Saleor Advisories, OSV Saleor` | reason: OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.
 - `shopware` `NVD Shopware` -> replacements: `Shopware Security Advisories, OSV Shopware` | reason: OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.
@@ -70,10 +76,13 @@
 - `spring-security` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Security` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
 - `sveltekit` `GitHub Global Advisories` -> replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
 - `symfony` `GitHub Global Advisories` -> replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
+- `traefik` `GitHub Traefik Advisories` -> replacements: `OSV Traefik` | reason: OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `undici` `GitHub Global Advisories` -> replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
 - `undici` `NVD Undici` -> replacements: `OSV Undici` | reason: OSV Undici replaces NVD public search for lower-latency machine-readable collection.
 - `vite` `GitHub Global Advisories` -> replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
+- `vite` `Vite Security` -> replacements: `OSV Vite` | reason: OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `vue` `GitHub Global Advisories` -> replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
+- `vue` `Vue Security` -> replacements: `OSV Vue` | reason: OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
 - `webpack` `GitHub Global Advisories` -> replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
 - `webpack` `NVD webpack` -> replacements: `OSV webpack` | reason: OSV webpack replaces NVD public search for lower-latency machine-readable collection.
 - `werkzeug` `GitHub Global Advisories` -> replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
diff --git a/08-threat-intel/generated/source-health.json b/08-threat-intel/generated/source-health.json
index 19c3a40b..23f9f341 100644
--- a/08-threat-intel/generated/source-health.json
+++ b/08-threat-intel/generated/source-health.json
@@ -1,17 +1,17 @@
 {
-  "generated_at": "2026-03-19T09:30:54+00:00",
-  "active_source_count": 110,
-  "green_source_count": 110,
+  "generated_at": "2026-03-19T23:44:51+00:00",
+  "active_source_count": 101,
+  "green_source_count": 101,
   "failure_count": 0,
   "all_green": true,
-  "last_fully_green_run": "2026-03-19T09:30:54+00:00",
+  "last_fully_green_run": "2026-03-19T23:44:51+00:00",
   "retries_performed": 0,
   "probes": [
     {
       "system_id": "adminer",
       "source_name": "OSV Adminer",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.096,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -19,7 +19,7 @@
       "system_id": "adobe-commerce",
       "source_name": "Adobe Magento Security Index",
       "source_kind": "vendor-index",
-      "elapsed_seconds": 0.052,
+      "elapsed_seconds": 0.032,
       "kind": "vendor-index",
       "items_seen": 46
     },
@@ -27,7 +27,7 @@
       "system_id": "angular",
       "source_name": "OSV Angular",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.018,
+      "elapsed_seconds": 0.013,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -35,7 +35,7 @@
       "system_id": "apache-httpd",
       "source_name": "Apache HTTPD Security",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.039,
+      "elapsed_seconds": 0.024,
       "kind": "html-links",
       "items_seen": 182
     },
@@ -43,15 +43,15 @@
       "system_id": "apache-httpd",
       "source_name": "CISA KEV Apache HTTPD",
       "source_kind": "kev-json",
-      "elapsed_seconds": 0.047,
+      "elapsed_seconds": 0.074,
       "kind": "kev-json",
-      "items_seen": 1545
+      "items_seen": 1546
     },
     {
       "system_id": "apache-tomcat",
       "source_name": "Apache Tomcat Security",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.047,
+      "elapsed_seconds": 0.064,
       "kind": "html-links",
       "items_seen": 270
     },
@@ -59,15 +59,15 @@
       "system_id": "apache-tomcat",
       "source_name": "CISA KEV Tomcat",
       "source_kind": "kev-json",
-      "elapsed_seconds": 0.039,
+      "elapsed_seconds": 0.064,
       "kind": "kev-json",
-      "items_seen": 1545
+      "items_seen": 1546
     },
     {
       "system_id": "aspnet-core",
       "source_name": "OSV ASP.NET Core",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.047,
+      "elapsed_seconds": 0.006,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -75,23 +75,15 @@
       "system_id": "astro",
       "source_name": "OSV Astro",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.017,
+      "elapsed_seconds": 0.013,
       "kind": "osv-batch",
       "items_seen": 1
     },
-    {
-      "system_id": "caddy",
-      "source_name": "GitHub Caddy Advisories",
-      "source_kind": "html-links",
-      "elapsed_seconds": 0.049,
-      "kind": "html-links",
-      "items_seen": 114
-    },
     {
       "system_id": "caddy",
       "source_name": "OSV Caddy",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.064,
       "kind": "osv-batch",
       "items_seen": 1
     },
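Review bot: Once the `GitHub Caddy Advisories` probe is removed here, `caddy` is covered only by `OSV Caddy`, whose probe reports `"items_seen": 1`, so `"all_green": true` says little about whether advisories for that system are actually being collected. Every `osv-batch` probe visible in this diff reports 1, which suggests the counter records the batch response rather than the advisories in it; if so, an empty or truncated OSV result would still be counted as green. The same removal leaves `gitea`, `medusa`, `nextjs`, `nuxt`, `react`, `traefik`, `vite` and `vue` with a single probe in the later hunks. I would have the generator record the number of advisories returned for `osv-batch` probes and flag any system left with one active source, so a silent coverage gap shows up in this report.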
@@ -99,7 +91,7 @@
       "system_id": "directus",
       "source_name": "Directus GitHub Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.057,
+      "elapsed_seconds": 0.037,
       "kind": "html-links",
       "items_seen": 127
     },
@@ -107,7 +99,7 @@
       "system_id": "directus",
       "source_name": "OSV Directus",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.055,
+      "elapsed_seconds": 0.032,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -115,7 +107,7 @@
       "system_id": "discourse",
       "source_name": "Discourse Release Notes RSS",
       "source_kind": "rss-feed",
-      "elapsed_seconds": 0.055,
+      "elapsed_seconds": 0.032,
       "kind": "rss-feed",
       "items_seen": 30
     },
@@ -123,7 +115,7 @@
       "system_id": "discourse",
       "source_name": "Discourse Security RSS",
       "source_kind": "rss-feed",
-      "elapsed_seconds": 0.052,
+      "elapsed_seconds": 0.032,
       "kind": "rss-feed",
       "items_seen": 3
     },
@@ -131,7 +123,7 @@
       "system_id": "discourse",
       "source_name": "OSV Discourse",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.052,
+      "elapsed_seconds": 0.032,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -139,7 +131,7 @@
       "system_id": "django",
       "source_name": "Django Security Releases Archive",
       "source_kind": "vendor-index",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.068,
       "kind": "vendor-index",
       "items_seen": 1276
     },
@@ -147,7 +139,7 @@
       "system_id": "django",
       "source_name": "Django Security Weblog",
       "source_kind": "vendor-index",
-      "elapsed_seconds": 0.039,
+      "elapsed_seconds": 0.043,
       "kind": "vendor-index",
       "items_seen": 332
     },
@@ -155,7 +147,7 @@
       "system_id": "django",
       "source_name": "OSV Django",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.047,
+      "elapsed_seconds": 0.064,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -163,7 +155,7 @@
       "system_id": "drupal",
       "source_name": "Drupal Security Advisories RSS",
       "source_kind": "rss-feed",
-      "elapsed_seconds": 0.06,
+      "elapsed_seconds": 0.038,
       "kind": "rss-feed",
       "items_seen": 20
     },
@@ -171,7 +163,7 @@
       "system_id": "drupal",
       "source_name": "OSV Drupal",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.06,
+      "elapsed_seconds": 0.038,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -179,7 +171,7 @@
       "system_id": "echo",
       "source_name": "OSV Echo",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.064,
+      "elapsed_seconds": 0.039,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -187,7 +179,7 @@
       "system_id": "esbuild",
       "source_name": "OSV esbuild",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.017,
+      "elapsed_seconds": 0.044,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -195,7 +187,7 @@
       "system_id": "express",
       "source_name": "OSV Express",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.017,
+      "elapsed_seconds": 0.013,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -203,7 +195,7 @@
       "system_id": "fastify",
       "source_name": "OSV Fastify",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.018,
+      "elapsed_seconds": 0.005,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -211,7 +203,7 @@
       "system_id": "flask",
       "source_name": "OSV Flask",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.039,
+      "elapsed_seconds": 0.017,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -219,7 +211,7 @@
       "system_id": "ghost",
       "source_name": "Ghost GitHub Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.058,
+      "elapsed_seconds": 0.038,
       "kind": "html-links",
       "items_seen": 119
     },
@@ -227,7 +219,7 @@
       "system_id": "ghost",
       "source_name": "OSV Ghost",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.058,
+      "elapsed_seconds": 0.038,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -235,23 +227,15 @@
       "system_id": "gin",
       "source_name": "OSV Gin",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.024,
       "kind": "osv-batch",
       "items_seen": 1
     },
-    {
-      "system_id": "gitea",
-      "source_name": "GitHub Gitea Advisories",
-      "source_kind": "html-links",
-      "elapsed_seconds": 0.123,
-      "kind": "html-links",
-      "items_seen": 98
-    },
     {
       "system_id": "gitea",
       "source_name": "OSV Gitea",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.064,
+      "elapsed_seconds": 0.074,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -259,7 +243,7 @@
       "system_id": "gitlab-ce",
       "source_name": "GitLab Advisory Database",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.096,
       "kind": "html-links",
       "items_seen": 5
     },
@@ -267,7 +251,7 @@
       "system_id": "gitlab-ce",
       "source_name": "GitLab Security Releases Atom",
       "source_kind": "atom-feed",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.097,
       "kind": "atom-feed",
       "items_seen": 186
     },
@@ -275,15 +259,15 @@
       "system_id": "grafana",
       "source_name": "CISA KEV Grafana",
       "source_kind": "kev-json",
-      "elapsed_seconds": 0.064,
+      "elapsed_seconds": 0.039,
       "kind": "kev-json",
-      "items_seen": 1545
+      "items_seen": 1546
     },
     {
       "system_id": "grafana",
       "source_name": "Grafana Security Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.064,
+      "elapsed_seconds": 0.065,
       "kind": "html-links",
       "items_seen": 159
     },
@@ -291,7 +275,7 @@
       "system_id": "hapi",
       "source_name": "OSV Hapi",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.017,
+      "elapsed_seconds": 0.009,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -299,7 +283,7 @@
       "system_id": "haproxy",
       "source_name": "HAProxy Blog Feed",
       "source_kind": "rss-feed",
-      "elapsed_seconds": 0.124,
+      "elapsed_seconds": 0.064,
       "kind": "rss-feed",
       "items_seen": 10
     },
@@ -307,7 +291,7 @@
       "system_id": "jenkins",
       "source_name": "Jenkins Security Advisories RSS",
       "source_kind": "rss-feed",
-      "elapsed_seconds": 0.126,
+      "elapsed_seconds": 0.074,
       "kind": "rss-feed",
       "items_seen": 96
     },
@@ -315,7 +299,7 @@
       "system_id": "joomla",
       "source_name": "Joomla Security Centre",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.06,
+      "elapsed_seconds": 0.038,
       "kind": "html-links",
       "items_seen": 139
     },
@@ -323,7 +307,7 @@
       "system_id": "joomla",
       "source_name": "OSV Joomla",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.06,
+      "elapsed_seconds": 0.038,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -331,7 +315,7 @@
       "system_id": "kibana",
       "source_name": "Elastic Security Announcements RSS",
       "source_kind": "rss-feed",
-      "elapsed_seconds": 0.064,
+      "elapsed_seconds": 0.074,
       "kind": "rss-feed",
       "items_seen": 25
     },
@@ -339,7 +323,7 @@
       "system_id": "koa",
       "source_name": "OSV Koa",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.019,
+      "elapsed_seconds": 0.009,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -347,7 +331,7 @@
       "system_id": "laravel",
       "source_name": "OSV Laravel",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.047,
+      "elapsed_seconds": 0.008,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -355,7 +339,7 @@
       "system_id": "magento-open-source",
       "source_name": "Magento GitHub Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.052,
+      "elapsed_seconds": 0.032,
       "kind": "html-links",
       "items_seen": 99
     },
@@ -363,7 +347,7 @@
       "system_id": "magento-open-source",
       "source_name": "OSV Magento Open Source",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.052,
+      "elapsed_seconds": 0.032,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -371,7 +355,7 @@
       "system_id": "magento-open-source",
       "source_name": "Sansec Research",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.052,
+      "elapsed_seconds": 0.032,
       "kind": "html-links",
       "items_seen": 134
     },
@@ -379,7 +363,7 @@
       "system_id": "mattermost",
       "source_name": "Mattermost Security Updates JSON",
       "source_kind": "json-feed",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.074,
       "kind": "json-feed",
       "items_seen": 594
     },
@@ -387,7 +371,7 @@
       "system_id": "mattermost",
       "source_name": "OSV Mattermost",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.096,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -395,7 +379,7 @@
       "system_id": "mediawiki",
       "source_name": "MediaWiki Announce RSS",
       "source_kind": "rss-feed",
-      "elapsed_seconds": 0.055,
+      "elapsed_seconds": 0.032,
       "kind": "rss-feed",
       "items_seen": 30
     },
@@ -403,23 +387,15 @@
       "system_id": "mediawiki",
       "source_name": "OSV MediaWiki",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.055,
+      "elapsed_seconds": 0.032,
       "kind": "osv-batch",
       "items_seen": 1
     },
-    {
-      "system_id": "medusa",
-      "source_name": "GitHub Medusa Advisories",
-      "source_kind": "html-links",
-      "elapsed_seconds": 0.032,
-      "kind": "html-links",
-      "items_seen": 102
-    },
     {
       "system_id": "medusa",
       "source_name": "OSV Medusa",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.032,
+      "elapsed_seconds": 0.015,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -427,7 +403,7 @@
       "system_id": "moodle",
       "source_name": "OSV Moodle",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.055,
+      "elapsed_seconds": 0.032,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -435,23 +411,15 @@
       "system_id": "nestjs",
       "source_name": "OSV NestJS",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.018,
+      "elapsed_seconds": 0.005,
       "kind": "osv-batch",
       "items_seen": 1
     },
-    {
-      "system_id": "nextjs",
-      "source_name": "GitHub Next.js Advisories",
-      "source_kind": "html-links",
-      "elapsed_seconds": 0.03,
-      "kind": "html-links",
-      "items_seen": 123
-    },
     {
       "system_id": "nextjs",
       "source_name": "OSV Next.js",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.03,
+      "elapsed_seconds": 0.015,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -459,15 +427,15 @@
       "system_id": "nginx",
       "source_name": "CISA KEV NGINX",
       "source_kind": "kev-json",
-      "elapsed_seconds": 0.039,
+      "elapsed_seconds": 0.064,
       "kind": "kev-json",
-      "items_seen": 1545
+      "items_seen": 1546
     },
     {
       "system_id": "nginx",
       "source_name": "NGINX Security Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.064,
+      "elapsed_seconds": 0.023,
       "kind": "html-links",
       "items_seen": 138
     },
@@ -475,31 +443,23 @@
       "system_id": "nodejs",
       "source_name": "CISA KEV Node.js",
       "source_kind": "kev-json",
-      "elapsed_seconds": 0.017,
+      "elapsed_seconds": 0.028,
       "kind": "kev-json",
-      "items_seen": 1545
+      "items_seen": 1546
     },
     {
       "system_id": "nodejs",
       "source_name": "Node.js Security Releases",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.056,
+      "elapsed_seconds": 0.005,
       "kind": "html-links",
       "items_seen": 74
     },
-    {
-      "system_id": "nuxt",
-      "source_name": "Nuxt Security",
-      "source_kind": "html-links",
-      "elapsed_seconds": 0.03,
-      "kind": "html-links",
-      "items_seen": 118
-    },
     {
       "system_id": "nuxt",
       "source_name": "OSV Nuxt",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.018,
+      "elapsed_seconds": 0.013,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -507,7 +467,7 @@
       "system_id": "opencart",
       "source_name": "OSV OpenCart",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.035,
+      "elapsed_seconds": 0.015,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -515,7 +475,7 @@
       "system_id": "opencart",
       "source_name": "OpenCart Releases",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.035,
+      "elapsed_seconds": 0.015,
       "kind": "html-links",
       "items_seen": 1500
     },
@@ -523,7 +483,7 @@
       "system_id": "openmage",
       "source_name": "OSV OpenMage",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.051,
+      "elapsed_seconds": 0.031,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -531,7 +491,7 @@
       "system_id": "openmage",
       "source_name": "OpenMage GitHub Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.051,
+      "elapsed_seconds": 0.032,
       "kind": "html-links",
       "items_seen": 125
     },
@@ -539,7 +499,7 @@
       "system_id": "phpmyadmin",
       "source_name": "OSV phpMyAdmin",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.064,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -547,7 +507,7 @@
       "system_id": "phpmyadmin",
       "source_name": "phpMyAdmin Security Page",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.064,
       "kind": "html-links",
       "items_seen": 262
     },
@@ -555,7 +515,7 @@
       "system_id": "prestashop",
       "source_name": "Friends Of Presta Security",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.035,
+      "elapsed_seconds": 0.019,
       "kind": "html-links",
       "items_seen": 38
     },
@@ -563,7 +523,7 @@
       "system_id": "prestashop",
       "source_name": "GitHub PrestaShop Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.035,
+      "elapsed_seconds": 0.019,
       "kind": "html-links",
       "items_seen": 127
     },
@@ -571,7 +531,7 @@
       "system_id": "prestashop",
       "source_name": "OSV PrestaShop",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.035,
+      "elapsed_seconds": 0.019,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -579,7 +539,7 @@
       "system_id": "prestashop",
       "source_name": "PrestaShop Security Page",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.042,
+      "elapsed_seconds": 0.019,
       "kind": "html-links",
       "items_seen": 60
     },
@@ -587,23 +547,15 @@
       "system_id": "rails",
       "source_name": "OSV Rails",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.064,
+      "elapsed_seconds": 0.039,
       "kind": "osv-batch",
       "items_seen": 1
     },
-    {
-      "system_id": "react",
-      "source_name": "GitHub React Advisories",
-      "source_kind": "html-links",
-      "elapsed_seconds": 0.032,
-      "kind": "html-links",
-      "items_seen": 110
-    },
     {
       "system_id": "react",
       "source_name": "OSV React",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.03,
+      "elapsed_seconds": 0.015,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -611,7 +563,7 @@
       "system_id": "redmine",
       "source_name": "OSV Redmine",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.124,
+      "elapsed_seconds": 0.074,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -619,7 +571,7 @@
       "system_id": "redmine",
       "source_name": "Redmine Security Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.124,
+      "elapsed_seconds": 0.074,
       "kind": "html-links",
       "items_seen": 371
     },
@@ -627,7 +579,7 @@
       "system_id": "saleor",
       "source_name": "GitHub Saleor Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.035,
+      "elapsed_seconds": 0.015,
       "kind": "html-links",
       "items_seen": 120
     },
@@ -635,7 +587,7 @@
       "system_id": "saleor",
       "source_name": "OSV Saleor",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.035,
+      "elapsed_seconds": 0.015,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -643,7 +595,7 @@
       "system_id": "shopware",
       "source_name": "OSV Shopware",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.035,
+      "elapsed_seconds": 0.015,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -651,7 +603,7 @@
       "system_id": "shopware",
       "source_name": "Shopware Security Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.035,
+      "elapsed_seconds": 0.019,
       "kind": "html-links",
       "items_seen": 129
     },
@@ -659,7 +611,7 @@
       "system_id": "spring-boot",
       "source_name": "OSV Spring Boot",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.039,
+      "elapsed_seconds": 0.01,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -667,7 +619,7 @@
       "system_id": "spring-boot",
       "source_name": "Spring Security Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.009,
       "kind": "html-links",
       "items_seen": 118
     },
@@ -675,7 +627,7 @@
       "system_id": "spring-framework",
       "source_name": "OSV Spring Framework",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.061,
+      "elapsed_seconds": 0.009,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -683,7 +635,7 @@
       "system_id": "spring-framework",
       "source_name": "Spring Security Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.054,
+      "elapsed_seconds": 0.021,
       "kind": "html-links",
       "items_seen": 118
     },
@@ -691,7 +643,7 @@
       "system_id": "spring-security",
       "source_name": "OSV Spring Security",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.136,
+      "elapsed_seconds": 0.009,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -699,7 +651,7 @@
       "system_id": "spring-security",
       "source_name": "Spring Security Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.053,
+      "elapsed_seconds": 0.01,
       "kind": "html-links",
       "items_seen": 118
     },
@@ -707,7 +659,7 @@
       "system_id": "strapi",
       "source_name": "OSV Strapi",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.057,
+      "elapsed_seconds": 0.037,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -715,7 +667,7 @@
       "system_id": "strapi",
       "source_name": "Strapi GitHub Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.058,
+      "elapsed_seconds": 0.037,
       "kind": "html-links",
       "items_seen": 124
     },
@@ -723,7 +675,7 @@
       "system_id": "sveltekit",
       "source_name": "OSV SvelteKit",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.018,
+      "elapsed_seconds": 0.013,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -731,23 +683,15 @@
       "system_id": "symfony",
       "source_name": "OSV Symfony",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.039,
+      "elapsed_seconds": 0.043,
       "kind": "osv-batch",
       "items_seen": 1
     },
-    {
-      "system_id": "traefik",
-      "source_name": "GitHub Traefik Advisories",
-      "source_kind": "html-links",
-      "elapsed_seconds": 0.123,
-      "kind": "html-links",
-      "items_seen": 124
-    },
     {
       "system_id": "traefik",
       "source_name": "OSV Traefik",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.064,
+      "elapsed_seconds": 0.074,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -755,7 +699,7 @@
       "system_id": "undici",
       "source_name": "OSV Undici",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.019,
+      "elapsed_seconds": 0.009,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -763,39 +707,23 @@
       "system_id": "vite",
       "source_name": "OSV Vite",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.017,
+      "elapsed_seconds": 0.013,
       "kind": "osv-batch",
       "items_seen": 1
     },
-    {
-      "system_id": "vite",
-      "source_name": "Vite Security",
-      "source_kind": "html-links",
-      "elapsed_seconds": 0.017,
-      "kind": "html-links",
-      "items_seen": 124
-    },
     {
       "system_id": "vue",
       "source_name": "OSV Vue",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.03,
+      "elapsed_seconds": 0.015,
       "kind": "osv-batch",
       "items_seen": 1
     },
-    {
-      "system_id": "vue",
-      "source_name": "Vue Security",
-      "source_kind": "html-links",
-      "elapsed_seconds": 0.03,
-      "kind": "html-links",
-      "items_seen": 111
-    },
     {
       "system_id": "webpack",
       "source_name": "OSV webpack",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.017,
+      "elapsed_seconds": 0.009,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -803,7 +731,7 @@
       "system_id": "werkzeug",
       "source_name": "OSV Werkzeug",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.039,
+      "elapsed_seconds": 0.006,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -811,7 +739,7 @@
       "system_id": "woocommerce",
       "source_name": "GitHub WooCommerce Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.042,
+      "elapsed_seconds": 0.031,
       "kind": "html-links",
       "items_seen": 107
     },
@@ -819,7 +747,7 @@
       "system_id": "woocommerce",
       "source_name": "OSV WooCommerce",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.042,
+      "elapsed_seconds": 0.031,
       "kind": "osv-batch",
       "items_seen": 1
     },
@@ -827,7 +755,7 @@
       "system_id": "woocommerce",
       "source_name": "Patchstack Database",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.042,
+      "elapsed_seconds": 0.019,
       "kind": "html-links",
       "items_seen": 193
     },
@@ -835,7 +763,7 @@
       "system_id": "woocommerce",
       "source_name": "Woo Developer Advisories",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.042,
+      "elapsed_seconds": 0.031,
       "kind": "html-links",
       "items_seen": 121
     },
@@ -843,7 +771,7 @@
       "system_id": "woocommerce",
       "source_name": "Wordfence Vulnerability Database",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.042,
+      "elapsed_seconds": 0.019,
       "kind": "html-links",
       "items_seen": 0
     },
@@ -851,7 +779,7 @@
       "system_id": "wordpress",
       "source_name": "Patchstack Database",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.063,
+      "elapsed_seconds": 0.041,
       "kind": "html-links",
       "items_seen": 193
     },
@@ -859,7 +787,7 @@
       "system_id": "wordpress",
       "source_name": "PortSwigger Research",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.062,
+      "elapsed_seconds": 0.038,
       "kind": "html-links",
       "items_seen": 99
     },
@@ -867,7 +795,7 @@
       "system_id": "wordpress",
       "source_name": "WPScan Vulnerability Database",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.062,
+      "elapsed_seconds": 0.041,
       "kind": "html-links",
       "items_seen": 74
     },
@@ -875,7 +803,7 @@
       "system_id": "wordpress",
       "source_name": "WordPress Security News RSS",
       "source_kind": "rss-feed",
-      "elapsed_seconds": 0.063,
+      "elapsed_seconds": 0.041,
       "kind": "rss-feed",
       "items_seen": 10
     },
@@ -883,7 +811,7 @@
       "system_id": "wordpress",
       "source_name": "Wordfence Vulnerability Database",
       "source_kind": "html-links",
-      "elapsed_seconds": 0.063,
+      "elapsed_seconds": 0.041,
       "kind": "html-links",
       "items_seen": 0
     }
@@ -891,73 +819,73 @@
   "failures": [],
   "slow_sources": [
     {
-      "system_id": "spring-security",
-      "source_name": "OSV Spring Security",
-      "source_kind": "osv-batch",
-      "elapsed_seconds": 0.136,
-      "status": "ok"
-    },
-    {
-      "system_id": "jenkins",
-      "source_name": "Jenkins Security Advisories RSS",
-      "source_kind": "rss-feed",
-      "elapsed_seconds": 0.126,
-      "status": "ok"
-    },
-    {
-      "system_id": "haproxy",
-      "source_name": "HAProxy Blog Feed",
-      "source_kind": "rss-feed",
-      "elapsed_seconds": 0.124,
-      "status": "ok"
-    },
-    {
-      "system_id": "redmine",
-      "source_name": "OSV Redmine",
-      "source_kind": "osv-batch",
-      "elapsed_seconds": 0.124,
-      "status": "ok"
-    },
-    {
-      "system_id": "redmine",
-      "source_name": "Redmine Security Advisories",
-      "source_kind": "html-links",
-      "elapsed_seconds": 0.124,
+      "system_id": "gitlab-ce",
+      "source_name": "GitLab Security Releases Atom",
+      "source_kind": "atom-feed",
+      "elapsed_seconds": 0.097,
       "status": "ok"
     },
     {
       "system_id": "adminer",
       "source_name": "OSV Adminer",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.096,
       "status": "ok"
     },
     {
-      "system_id": "caddy",
-      "source_name": "OSV Caddy",
+      "system_id": "gitlab-ce",
+      "source_name": "GitLab Advisory Database",
+      "source_kind": "html-links",
+      "elapsed_seconds": 0.096,
+      "status": "ok"
+    },
+    {
+      "system_id": "mattermost",
+      "source_name": "OSV Mattermost",
       "source_kind": "osv-batch",
-      "elapsed_seconds": 0.123,
+      "elapsed_seconds": 0.096,
       "status": "ok"
     },
     {
-      "system_id": "django",
-      "source_name": "Django Security Releases Archive",
-      "source_kind": "vendor-index",
-      "elapsed_seconds": 0.123,
-      "status": "ok"
-    },
-    {
-      "system_id": "gin",
-      "source_name": "OSV Gin",
-      "source_kind": "osv-batch",
-      "elapsed_seconds": 0.123,
+      "system_id": "apache-httpd",
+      "source_name": "CISA KEV Apache HTTPD",
+      "source_kind": "kev-json",
+      "elapsed_seconds": 0.074,
       "status": "ok"
     },
     {
       "system_id": "gitea",
-      "source_name": "GitHub Gitea Advisories",
-      "source_kind": "html-links",
-      "elapsed_seconds": 0.123,
+      "source_name": "OSV Gitea",
+      "source_kind": "osv-batch",
+      "elapsed_seconds": 0.074,
+      "status": "ok"
+    },
+    {
+      "system_id": "jenkins",
+      "source_name": "Jenkins Security Advisories RSS",
+      "source_kind": "rss-feed",
+      "elapsed_seconds": 0.074,
+      "status": "ok"
+    },
+    {
+      "system_id": "kibana",
+      "source_name": "Elastic Security Announcements RSS",
+      "source_kind": "rss-feed",
+      "elapsed_seconds": 0.074,
+      "status": "ok"
+    },
+    {
+      "system_id": "mattermost",
+      "source_name": "Mattermost Security Updates JSON",
+      "source_kind": "json-feed",
+      "elapsed_seconds": 0.074,
+      "status": "ok"
+    },
+    {
+      "system_id": "redmine",
+      "source_name": "OSV Redmine",
+      "source_kind": "osv-batch",
+      "elapsed_seconds": 0.074,
       "status": "ok"
     }
   ],
@@ -1014,8 +942,8 @@
     {
       "system_id": "caddy",
       "display_name": "Caddy",
-      "active_source_total": 2,
-      "green_source_total": 2,
+      "active_source_total": 1,
+      "green_source_total": 1,
       "failure_count": 0
     },
     {
@@ -1098,8 +1026,8 @@
     {
       "system_id": "gitea",
       "display_name": "Gitea",
-      "active_source_total": 2,
-      "green_source_total": 2,
+      "active_source_total": 1,
+      "green_source_total": 1,
       "failure_count": 0
     },
     {
@@ -1189,8 +1117,8 @@
     {
       "system_id": "medusa",
       "display_name": "Medusa",
-      "active_source_total": 2,
-      "green_source_total": 2,
+      "active_source_total": 1,
+      "green_source_total": 1,
       "failure_count": 0
     },
     {
@@ -1210,8 +1138,8 @@
     {
       "system_id": "nextjs",
       "display_name": "Next.js",
-      "active_source_total": 2,
-      "green_source_total": 2,
+      "active_source_total": 1,
+      "green_source_total": 1,
       "failure_count": 0
     },
     {
@@ -1231,8 +1159,8 @@
     {
       "system_id": "nuxt",
       "display_name": "Nuxt",
-      "active_source_total": 2,
-      "green_source_total": 2,
+      "active_source_total": 1,
+      "green_source_total": 1,
       "failure_count": 0
     },
     {
@@ -1273,8 +1201,8 @@
     {
       "system_id": "react",
       "display_name": "React",
-      "active_source_total": 2,
-      "green_source_total": 2,
+      "active_source_total": 1,
+      "green_source_total": 1,
       "failure_count": 0
     },
     {
@@ -1343,8 +1271,8 @@
     {
       "system_id": "traefik",
       "display_name": "Traefik",
-      "active_source_total": 2,
-      "green_source_total": 2,
+      "active_source_total": 1,
+      "green_source_total": 1,
       "failure_count": 0
     },
     {
@@ -1357,15 +1285,15 @@
     {
       "system_id": "vite",
       "display_name": "Vite",
-      "active_source_total": 2,
-      "green_source_total": 2,
+      "active_source_total": 1,
+      "green_source_total": 1,
       "failure_count": 0
     },
     {
       "system_id": "vue",
       "display_name": "Vue",
-      "active_source_total": 2,
-      "green_source_total": 2,
+      "active_source_total": 1,
+      "green_source_total": 1,
       "failure_count": 0
     },
     {
diff --git a/08-threat-intel/registry/advisories/kibana--012933e759.json b/08-threat-intel/registry/advisories/kibana--012933e759.json
new file mode 100644
index 00000000..8d9c9ceb
--- /dev/null
+++ b/08-threat-intel/registry/advisories/kibana--012933e759.json
@@ -0,0 +1,60 @@
+{
+  "canonical_id": "kibana--012933e759",
+  "system_id": "kibana",
+  "display_name": "Kibana",
+  "category": "platforms",
+  "advisory_mode": "core",
+  "title": "Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)",
+  "summary": "

Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration

\n

Missing Authorization (CWE-862) in Kibana\u2019s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.

\n

Affected Versions:

\n
    \n
  • 8.x: All versions from 8.0.0 up to and including 8.19.11
  • \n
  • 9.x:\n
      \n
    • All versions from 9.0.0 up to and including 9.2.5
    • \n
    • Version 9.3.0
    • \n
    \n
  • \n
\n

Affected Configurations:

\n
    \n
  • Automated response actions require the appropriate Elastic Stack subscription or Serverless project feature tier, and hosts must have Elastic Agent installed with the Elastic Defend integration.
  • \n
  • Automated response actions are not enabled by default on detection rules. A user must explicitly configure them. However, the Elastic Defend feature privileges (Host Isolation, Process Operations) are set to None by default for new roles, meaning most users should not have these privileges unless explicitly granted. The vulnerability allows users without these privileges to bypass the restriction.
  • \n
  • The Update API is only vulnerable when response actions are being added to an existing rule that does not already have any response actions. If the rule already contains response actions, the existing authorization logic was applied.
  • \n
\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.12, 9.2.6, 9.3.1.

\n

For Users that Cannot Upgrade:

\n

Update to the patched version as soon as possible. In the interim, restrict detection rule management privileges to users who are also authorized for endpoint response actions. Review existing rules for any unauthorized response action configurations that may have been added.

\n

Indicators of Compromise (IOC)

\n

Audit all detection rules for response_actions configurations containing .endpoint action types (isolate, kill-process, suspend-process) that may have been added by unauthorized users.

\n

Elastic Cloud Serverless

\n

Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.

\n

Severity: CVSSv3.1: Medium ( 6.5 ) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
\nCVE ID: CVE-2026-26939
\nProblem Type: CWE-862 - Missing Authorization
\nImpact: Accessing Functionality Not Properly Constrained by ACLs - CAPEC-1

\n

1 post - 1 participant

\n

Read full topic

",
+ "published_at": "Thu, 19 Mar 2026 16:51:08 +0000",
+ "updated_at": "Thu, 19 Mar 2026 16:51:08 +0000",
+ "severity": "unknown",
+ "cvss_score": null,
+ "exploit_status": "unknown",
+ "source_confidence": "official",
+ "official_source_url": "https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530",
+ "secondary_source_urls": [],
+ "aliases": [],
+ "cve_ids": [],
+ "ghsa_ids": [],
+ "osv_ids": [],
+ "affected_versions": [],
+ "fixed_versions": [],
+ "package_name": null,
+ "render_markdown": false,
+ "case_path": null,
+ "secure_code_topics": [
+ "authz-server-side-recheck",
+ "xss-output-encoding",
+ "proxy-trust-boundary",
+ "dependency-upgrade-policy"
+ ],
+ "status": "triage",
+ "triage_reasons": [
+ "missing affected/fixed version details"
+ ],
+ "verification_status": "triage-manual",
+ "verification_mode": "synthetic",
+ "last_verified_at": null,
+ "last_run_id": null,
+ "evidence_bundle": null,
+ "historical_status": null,
+ "latest_status": null,
+ "browser_evidence": {
+ "required": false,
+ "present": false,
+ "refs": []
+ },
+ "repro_profile_id": "xss-generic",
+ "artifact_mode": "synthetic",
+ "blocked_reason": null,
+ "metadata": {
+ "source_names": [
+ "Elastic Security Announcements RSS"
+ ],
+ "source_kinds": [
+ "rss-feed"
+ ],
+ "candidate_count": 1
+ }
+}
diff --git a/08-threat-intel/registry/advisories/kibana--0fcd01159e.json b/08-threat-intel/registry/advisories/kibana--0fcd01159e.json
new file mode 100644
index 00000000..43966fae
--- /dev/null
+++ b/08-threat-intel/registry/advisories/kibana--0fcd01159e.json
@@ -0,0 +1,59 @@
+{
+ "canonical_id": "kibana--0fcd01159e",
+ "system_id": "kibana",
+ "display_name": "Kibana",
+ "category": "platforms",
+ "advisory_mode": "core",
+ "title": "Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-11)",
+ "summary": "
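Review bot: The machine-readable fields of kibana--012933e759.json contradict its own summary: `"cve_ids": []`, `"severity": "unknown"` and `"cvss_score": null` sit next to text that gives CVE-2026-26939 and CVSSv3.1 6.5, and `"repro_profile_id": "xss-generic"` plus the `"xss-output-encoding"` topic are attached to a CWE-862 missing-authorization issue. Anything that filters or alerts on these fields will skip or misroute the advisory. I would fill them from the summary before the record lands, e.g. `"cve_ids": ["CVE-2026-26939"]` and `"cvss_score": 6.5`, set severity to the registry's value for Medium, and drop the XSS profile and topic. The same mismatch is in the other five kibana--*.json records added by this commit; the Elasticsearch one (kibana--ca14c406d9.json) is the most costly, a CVSS 7.2 deserialization RCE recorded as severity unknown.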

Improper Validation of Array Index in Packetbeat Leading to Denial of Service

\n

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.

\n

Affected Versions:

\n
    \n
  • 8.x: All versions from 8.0.0 up to and including 8.19.10
  • \n
  • 9.x: All versions from 9.0.0 up to and including 9.2.4
  • \n
\n

Affected Configurations:
\nPacketbeat protocol parsing is enabled by default for configured protocols. Network traffic capture requires explicit configuration of network interfaces and protocols to monitor in packetbeat.yml. The vulnerable parsers are only active when their respective protocols are explicitly enabled in the configuration.

\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.11, 9.2.5.

\n

For Users that Cannot Upgrade:

\n

Network Segmentation: Ensure Packetbeat instances only monitor trusted network segments and implement network-level controls to prevent untrusted sources from sending traffic to monitored interfaces. This will reduce the likelihood of exploitation.

\n

Indicators of Compromise (IOC)

\n
    \n
  • Frequent panic/crash events in Packetbeat logs
  • \n
  • Error messages related to index out of range or slice bounds violations
  • \n
  • Repeated restarts of the Packetbeat process
  • \n
\n

Severity: CVSSv3.1: Medium ( 5.7 ) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
\nCVE ID: CVE-2026-26933
\nProblem Type: CWE-129 - Improper Validation of Array Index
\nImpact: CAPEC-153 - Input Data Manipulation

\n

1 post - 1 participant

\n

Read full topic

",
+ "published_at": "Thu, 19 Mar 2026 16:56:17 +0000",
+ "updated_at": "Thu, 19 Mar 2026 16:56:17 +0000",
+ "severity": "unknown",
+ "cvss_score": null,
+ "exploit_status": "unknown",
+ "source_confidence": "official",
+ "official_source_url": "https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533",
+ "secondary_source_urls": [],
+ "aliases": [],
+ "cve_ids": [],
+ "ghsa_ids": [],
+ "osv_ids": [],
+ "affected_versions": [],
+ "fixed_versions": [],
+ "package_name": null,
+ "render_markdown": false,
+ "case_path": null,
+ "secure_code_topics": [
+ "authz-server-side-recheck",
+ "xss-output-encoding",
+ "proxy-trust-boundary"
+ ],
+ "status": "triage",
+ "triage_reasons": [
+ "missing affected/fixed version details"
+ ],
+ "verification_status": "triage-manual",
+ "verification_mode": "synthetic",
+ "last_verified_at": null,
+ "last_run_id": null,
+ "evidence_bundle": null,
+ "historical_status": null,
+ "latest_status": null,
+ "browser_evidence": {
+ "required": false,
+ "present": false,
+ "refs": []
+ },
+ "repro_profile_id": "xss-generic",
+ "artifact_mode": "synthetic",
+ "blocked_reason": null,
+ "metadata": {
+ "source_names": [
+ "Elastic Security Announcements RSS"
+ ],
+ "source_kinds": [
+ "rss-feed"
+ ],
+ "candidate_count": 1
+ }
+}
diff --git a/08-threat-intel/registry/advisories/kibana--4bfdbe9da9.json b/08-threat-intel/registry/advisories/kibana--4bfdbe9da9.json
new file mode 100644
index 00000000..c8eb812d
--- /dev/null
+++ b/08-threat-intel/registry/advisories/kibana--4bfdbe9da9.json
@@ -0,0 +1,61 @@
+{
+ "canonical_id": "kibana--4bfdbe9da9",
+ "system_id": "kibana",
+ "display_name": "Kibana",
+ "category": "platforms",
+ "advisory_mode": "core",
+ "title": "Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06)",
+ "summary": "
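Review bot: `"system_id": "kibana"` and `"display_name": "Kibana"` in kibana--0fcd01159e.json are wrong for this advisory, whose title and summary are about Packetbeat. It looks as if every item from the Elastic Security Announcements RSS feed is filed under Kibana, so the Logstash (kibana--4bfdbe9da9.json), Metricbeat (kibana--4d0ef3a07b.json) and Elasticsearch (kibana--ca14c406d9.json) records carry the same tag. Kibana owners get alerts for products they may not run, and a team tracking those products by system_id never sees them. Either map each item to its product from the title before writing the record, or keep these out of the kibana registry until the feed is split per product.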

Sensitive Information in Resource Not Removed Before Reuse in Logstash Leading to Access to Sensitive Information

\n

Dependency on Vulnerable Third-Party Component (CWE-1395) exists in org.lz4:lz4-java decompression library used by logstash-integration-kafka plugin in Logstash that could allow an attacker to access sensitive information from previous buffer contents via Input Data Manipulation (CAPEC-153). Exploitation requires the attacker to produce specially crafted, malformed compressed input to a Kafka topic consumed by Logstash, causing the decompression process to expose residual data from reused output buffers that were not cleared between operations - CVE-2025-66566.

\n

Affected Versions:

\n
    \n
  • 8.x: All versions from 8.15.0 up to and including 8.19.9
  • \n
  • 9.x:\n
      \n
    • All versions from 9.0.0 up to and including 9.1.9
    • \n
    • All versions from 9.2.0 up to and including 9.2.3
    • \n
    \n
  • \n
\n

Affected Configurations:
\nThis vulnerability is limited to Logstash deployments that have the logstash-integration-kafka plugin configured to consume from a Kafka topic to which the attacker can publish messages. The attacker requires network access to the Kafka cluster and sufficient Kafka-level permissions (e.g., Kafka ACLs, if configured) to publish messages to the target topic.

\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.10, 9.1.10, 9.2.4.

\n

For Users that Cannot Upgrade:

\n

The attacker requires network access to the Kafka cluster and sufficient Kafka-level permissions (e.g., Kafka ACLs, if configured) to publish messages to the target topic.

\n

Manually update the logstash-integration-kafka plugin to version 11.8.1 or higher using: bin/logstash-plugin update logstash-integration-kafka

\n

Severity: CVSSv3.1: Medium ( 5.9 ) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
\nCVE ID: CVE-2025-66566
\nProblem Type: CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
\nImpact: CAPEC-153 - Input Data Manipulation

\n

1 post - 1 participant

\n

Read full topic

",
+ "published_at": "Thu, 19 Mar 2026 16:53:51 +0000",
+ "updated_at": "Thu, 19 Mar 2026 16:53:51 +0000",
+ "severity": "unknown",
+ "cvss_score": null,
+ "exploit_status": "unknown",
+ "source_confidence": "official",
+ "official_source_url": "https://discuss.elastic.co/t/logstash-8-19-10-9-1-10-9-2-4-security-update-esa-2026-06/385531",
+ "secondary_source_urls": [],
+ "aliases": [],
+ "cve_ids": [],
+ "ghsa_ids": [],
+ "osv_ids": [],
+ "affected_versions": [],
+ "fixed_versions": [],
+ "package_name": null,
+ "render_markdown": false,
+ "case_path": null,
+ "secure_code_topics": [
+ "authz-server-side-recheck",
+ "xss-output-encoding",
+ "proxy-trust-boundary",
+ "plugin-extension-trust-policy",
+ "dependency-upgrade-policy"
+ ],
+ "status": "triage",
+ "triage_reasons": [
+ "missing affected/fixed version details"
+ ],
+ "verification_status": "triage-manual",
+ "verification_mode": "synthetic",
+ "last_verified_at": null,
+ "last_run_id": null,
+ "evidence_bundle": null,
+ "historical_status": null,
+ "latest_status": null,
+ "browser_evidence": {
+ "required": false,
+ "present": false,
+ "refs": []
+ },
+ "repro_profile_id": "xss-generic",
+ "artifact_mode": "synthetic",
+ "blocked_reason": null,
+ "metadata": {
+ "source_names": [
+ "Elastic Security Announcements RSS"
+ ],
+ "source_kinds": [
+ "rss-feed"
+ ],
+ "candidate_count": 1
+ }
+}
diff --git a/08-threat-intel/registry/advisories/kibana--4d0ef3a07b.json b/08-threat-intel/registry/advisories/kibana--4d0ef3a07b.json
new file mode 100644
index 00000000..3e066692
--- /dev/null
+++ b/08-threat-intel/registry/advisories/kibana--4d0ef3a07b.json
@@ -0,0 +1,60 @@
+{
+ "canonical_id": "kibana--4d0ef3a07b",
+ "system_id": "kibana",
+ "display_name": "Kibana",
+ "category": "platforms",
+ "advisory_mode": "core",
+ "title": "Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)",
+ "summary": "

Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service

\n

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).

\n

Affected Versions:

\n
    \n
  • 8.x: All versions from 8.0.0 up to and including 8.19.12
  • \n
  • 9.x: All versions from 9.0.0 up to and including 9.2.4
  • \n
\n

Affected Configurations:
\nThe Prometheus remote_write module is not enabled by default in Metricbeat, so this issue only affects users who have enabled it.

\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.13, 9.2.5 .

\n

For Users that Cannot Upgrade:

\n
    \n
  1. Disable the remote_write module if it is not required for operations:\n
      \n
    • Remove or comment out the Prometheus remote_write configuration block in metricbeat.yml
    • \n
    • Restart Metricbeat to apply changes
    • \n
    \n
  2. \n
  3. Restrict network access using firewall rules or network policies:\n
      \n
    • Limit access to the remote_write endpoint to trusted Prometheus server IP addresses only
    • \n
    • Use host: \"localhost\" binding if the Prometheus server runs on the same host
    • \n
    \n
  4. \n
\n

Indicators of Compromise (IOC)

\n

Log Patterns:

\n
    \n
  • Metricbeat process termination with \u201cout of memory\" messages in system logs
  • \n
  • Repeated Metricbeat crashes or restarts when the Prometheus remote_write module is enabled
  • \n
  • OOM events in kernel logs dmesg or container orchestration logs targeting the Metricbeat process
  • \n
\n

Audit Trail Indicators:

\n
    \n
  • Sudden memory consumption spikes in Metricbeat process metrics immediately preceding process termination
  • \n
  • Network connections from unexpected or unauthorized source IP addresses to the remote_write endpoint port
  • \n
\n

Severity: CVSSv3.1: Medium ( 5.7 ) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
\nCVE ID: CVE-2026-26931
\nProblem Type: CWE-789 - Memory Allocation with Excessive Size Value
\nImpact: CAPEC-130 - Excessive Allocation

\n

1 post - 1 participant

\n

Read full topic

",
+ "published_at": "Thu, 19 Mar 2026 16:54:15 +0000",
+ "updated_at": "Thu, 19 Mar 2026 16:54:15 +0000",
+ "severity": "unknown",
+ "cvss_score": null,
+ "exploit_status": "unknown",
+ "source_confidence": "official",
+ "official_source_url": "https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532",
+ "secondary_source_urls": [],
+ "aliases": [],
+ "cve_ids": [],
+ "ghsa_ids": [],
+ "osv_ids": [],
+ "affected_versions": [],
+ "fixed_versions": [],
+ "package_name": null,
+ "render_markdown": false,
+ "case_path": null,
+ "secure_code_topics": [
+ "authz-server-side-recheck",
+ "xss-output-encoding",
+ "proxy-trust-boundary",
+ "plugin-extension-trust-policy"
+ ],
+ "status": "triage",
+ "triage_reasons": [
+ "missing affected/fixed version details"
+ ],
+ "verification_status": "triage-manual",
+ "verification_mode": "synthetic",
+ "last_verified_at": null,
+ "last_run_id": null,
+ "evidence_bundle": null,
+ "historical_status": null,
+ "latest_status": null,
+ "browser_evidence": {
+ "required": false,
+ "present": false,
+ "refs": []
+ },
+ "repro_profile_id": "xss-generic",
+ "artifact_mode": "synthetic",
+ "blocked_reason": null,
+ "metadata": {
+ "source_names": [
+ "Elastic Security Announcements RSS"
+ ],
+ "source_kinds": [
+ "rss-feed"
+ ],
+ "candidate_count": 1
+ }
+}
diff --git a/08-threat-intel/registry/advisories/kibana--844efe5dac.json b/08-threat-intel/registry/advisories/kibana--844efe5dac.json
new file mode 100644
index 00000000..2883185c
--- /dev/null
+++ b/08-threat-intel/registry/advisories/kibana--844efe5dac.json
@@ -0,0 +1,61 @@
+{
+ "canonical_id": "kibana--844efe5dac",
+ "system_id": "kibana",
+ "display_name": "Kibana",
+ "category": "platforms",
+ "advisory_mode": "core",
+ "title": "Kibana 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-20)",
+ "summary": "

Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service

\n

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.

\n

Affected Versions:

\n
    \n
  • 8.x: All versions from 8.0.0 up to and including 8.19.12
  • \n
  • 9.x:\n
      \n
    • All versions from 9.0.0 up to and including 9.2.6
    • \n
    • All versions from 9.3.0 up to and including 9.3.1
    • \n
    \n
  • \n
\n

Affected Configurations:

\n

The Timelion visualization plugin (visTypeTimelion) is enabled by default in Kibana and is listed under \"Legacy editors\" in the documentation.

\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.13, 9.2.7, 9.3.2.

\n

For Users that Cannot Upgrade:

\n

Self-hosted
\nUsers can set this property in the Kibana config YAML file vis_type_timelion.enabled: false

\n

Cloud
\nThere are no workaround

\n

Indicators of Compromise (IOC)

\n

Look for JavaScript heap out of memory or FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed errors in Kibana server logs, which indicate the Node.js process crashed due to memory exhaustion.

\n

Elastic Cloud Serverless

\n

Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.

\n

Severity: CVSSv3.1: Medium ( 6.5 ) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
\nCVE ID: CVE-2026-26940
\nProblem Type: CWE-1284 - Improper Validation of Specified Quantity in Input
\nImpact: CAPEC-130 - Excessive Allocation

\n

1 post - 1 participant

\n

Read full topic

",
+ "published_at": "Thu, 19 Mar 2026 16:59:58 +0000",
+ "updated_at": "Thu, 19 Mar 2026 16:59:58 +0000",
+ "severity": "unknown",
+ "cvss_score": null,
+ "exploit_status": "unknown",
+ "source_confidence": "official",
+ "official_source_url": "https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535",
+ "secondary_source_urls": [],
+ "aliases": [],
+ "cve_ids": [],
+ "ghsa_ids": [],
+ "osv_ids": [],
+ "affected_versions": [],
+ "fixed_versions": [],
+ "package_name": null,
+ "render_markdown": false,
+ "case_path": null,
+ "secure_code_topics": [
+ "authz-server-side-recheck",
+ "xss-output-encoding",
+ "proxy-trust-boundary",
+ "plugin-extension-trust-policy",
+ "dependency-upgrade-policy"
+ ],
+ "status": "triage",
+ "triage_reasons": [
+ "missing affected/fixed version details"
+ ],
+ "verification_status": "triage-manual",
+ "verification_mode": "synthetic",
+ "last_verified_at": null,
+ "last_run_id": null,
+ "evidence_bundle": null,
+ "historical_status": null,
+ "latest_status": null,
+ "browser_evidence": {
+ "required": false,
+ "present": false,
+ "refs": []
+ },
+ "repro_profile_id": "xss-generic",
+ "artifact_mode": "synthetic",
+ "blocked_reason": null,
+ "metadata": {
+ "source_names": [
+ "Elastic Security Announcements RSS"
+ ],
+ "source_kinds": [
+ "rss-feed"
+ ],
+ "candidate_count": 1
+ }
+}
diff --git a/08-threat-intel/registry/advisories/kibana--ca14c406d9.json b/08-threat-intel/registry/advisories/kibana--ca14c406d9.json
new file mode 100644
index 00000000..9b131135
--- /dev/null
+++ b/08-threat-intel/registry/advisories/kibana--ca14c406d9.json
@@ -0,0 +1,62 @@
+{
+ "canonical_id": "kibana--ca14c406d9",
+ "system_id": "kibana",
+ "display_name": "Kibana",
+ "category": "platforms",
+ "advisory_mode": "core",
+ "title": "Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)",
+ "summary": "

Deserialization of Untrusted Data in Elasticsearch Leading to Remote Code Execution

\n

Dependency on Vulnerable Third-Party Component (CWE-1395) exists in PyTorch used by the machine learning model loading component in Elasticsearch that can allow an attacker to achieve remote code execution via Object Injection (CAPEC-586). Exploitation requires an attacker to have high-privileged access (the machine_learning_admin role) to upload and deploy a specially crafted, malicious model to the Elasticsearch cluster that triggers known vulnerabilities CVE-2025-32434.

\n

Affected Versions:

\n
    \n
  • 8.x: All versions from 8.0.0 up to and including 8.19.7
  • \n
  • 9.x: All versions from 9.0.0 up to and including 9.1.7
  • \n
  • Versions 9.2.0+ were never affected
  • \n
\n

Affected Configurations:

\n

The vulnerability affects Elasticsearch deployments that have ML nodes and where PyTorch-based NLP models can be uploaded and deployed.

\n

Solutions and Mitigations:

\n

The issue is resolved in version 8.19.8, 9.1.8.

\n

For Users that Cannot Upgrade:

\n

Ensure that only trusted users are granted the machine_learning_admin role. Revoke this role from any users who do not have a legitimate need to upload or manage ML models.

\n

Disable ML entirely: If ML functionality is not required, set xpack.ml.enabled: false in elasticsearch.yml on all nodes. Note that this disables all ML features, not just PyTorch model loading.

\n

Only use models from trusted sources: As stated in the official Elastic documentation: \"PyTorch models can execute code on your Elasticsearch server, exposing your cluster to potential security vulnerabilities. Only use models from trusted sources and never use models from unverified or unknown providers.\"

\n

Elastic Cloud Serverless

\n

Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.

\n

Severity: CVSSv3.1: High ( 7.2 ) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
\nCVE ID: CVE-2025-32434
\nProblem Type: CWE-502 - Deserialization of Untrusted Data
\nImpact: CAPEC-586 - Object Injection

\n

1 post - 1 participant

\n

Read full topic

", + "published_at": "Thu, 19 Mar 2026 16:59:18 +0000", + "updated_at": "Thu, 19 Mar 2026 16:59:18 +0000", + "severity": "unknown", + "cvss_score": null, + "exploit_status": "unknown", + "source_confidence": "official", + "official_source_url": "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-security-update-esa-2026-18/385534", + "secondary_source_urls": [], + "aliases": [], + "cve_ids": [], + "ghsa_ids": [], + "osv_ids": [], + "affected_versions": [], + "fixed_versions": [], + "package_name": null, + "render_markdown": false, + "case_path": null, + "secure_code_topics": [ + "authz-server-side-recheck", + "xss-output-encoding", + "proxy-trust-boundary", + "file-upload-validation", + "dependency-upgrade-policy", + "deserialization-safety" + ], + "status": "triage", + "triage_reasons": [ + "missing affected/fixed version details" + ], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "historical_status": null, + "latest_status": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "xss-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, + "metadata": { + "source_names": [ + "Elastic Security Announcements RSS" + ], + "source_kinds": [ + "rss-feed" + ], + "candidate_count": 1 + } +} diff --git a/08-threat-intel/registry/advisories/mattermost--CVE-2026-22545.json b/08-threat-intel/registry/advisories/mattermost--CVE-2026-22545.json new file mode 100644 index 00000000..2c358685 --- /dev/null +++ b/08-threat-intel/registry/advisories/mattermost--CVE-2026-22545.json 
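Review bot: This new record files an Elasticsearch advisory under `"system_id": "kibana"` and `"display_name": "Kibana"`, although its title, source URL and summary all describe Elasticsearch 8.19.8/9.1.8 (ESA-2026-18). Anything keyed on the system would flag Kibana and show nothing for Elasticsearch. The structured fields are also empty where the summary carries the data: `"cve_ids": []`, `"cvss_score": null`, `"severity": "unknown"` and empty `affected_versions`/`fixed_versions` sit beside a summary naming CVE-2025-32434, CVSS 7.2 and the 8.19.8 / 9.1.8 fixes, so a lookup by CVE or version range will miss this record. I would fill them before it leaves triage, for example `"cve_ids": ["CVE-2025-32434"],` and `"cvss_score": 7.2,`. Separately, `"repro_profile_id": "xss-generic"` and the `xss-output-encoding` / `proxy-trust-boundary` topics do not match a deserialization issue reached through model upload; the same XSS profile and topic appear on the Mattermost CVE-2026-22545 record in the next hunk, which is an authentication-method validation flaw, so these look like defaults that should be set per record.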
@@ -0,0 +1,83 @@ +{ + "canonical_id": "mattermost--CVE-2026-22545", + "system_id": "mattermost", + "display_name": "Mattermost", + "category": "platforms", + "advisory_mode": "core", + "title": "Mattermost fails to validate user's authentication method when processing account auth type switch", + "summary": "Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID: MMSA-2026-00583", + "published_at": "2026-03-16T15:30:47Z", + "updated_at": "2026-03-19T19:31:20.982512Z", + "severity": "low", + "cvss_score": 3.1, + "exploit_status": "unknown", + "source_confidence": "ecosystem-authority", + "official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22545", + "secondary_source_urls": [ + "https://github.com/mattermost/mattermost/commit/ced9a56e3988fe9fd4559d45f9971dbd562e2218", + "https://github.com/mattermost/mattermost", + "https://mattermost.com/security-updates" + ], + "aliases": [ + "CVE-2026-22545", + "GHSA-rv67-7w2g-7976" + ], + "cve_ids": [ + "CVE-2026-22545" + ], + "ghsa_ids": [ + "GHSA-rv67-7w2g-7976" + ], + "osv_ids": [ + "GHSA-rv67-7w2g-7976" + ], + "affected_versions": [ + "introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988", + "introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988", + "introduced=10.11.0-rc1, fixed<10.11.11", + "introduced=11.2.0-rc1, fixed<11.2.3", + "introduced=11.3.0-rc1, fixed<11.3.1" + ], + "fixed_versions": [ + "8.0.0-20260127144908-ced9a56e3988", + "5.3.2-0.20260127144908-ced9a56e3988", + "10.11.11", + "11.2.3", + "11.3.1" + ], + "package_name": "github.com/mattermost/mattermost-server", + "render_markdown": true, + "case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-22545.md", + "secure_code_topics": [ + "authz-server-side-recheck", + "xss-output-encoding", + 
"token-cookie-storage", + "dependency-upgrade-policy" + ], + "status": "generated", + "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "historical_status": null, + "latest_status": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "xss-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, + "metadata": { + "source_names": [ + "OSV Mattermost" + ], + "source_kinds": [ + "osv-batch" + ], + "candidate_count": 1 + } +} diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27977.json b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27977.json index 59e94d82..6c8ac402 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27977.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27977.json 
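Review bot: `affected_versions` and `fixed_versions` in this record mix Go module pseudo-versions (`8.0.0-20260127144908-ced9a56e3988`, `5.3.2-0.20260127144908-ced9a56e3988`) with Mattermost release numbers in one flat list. The two `introduced=0` ranges are far wider than the summary's "10.11.x <= 10.11.10". If a consumer compares a deployed server release against these strings (the matcher is not visible in this hunk), older releases could be reported as affected and the pseudo-versions could be read as upgrade targets. I would keep the module-coordinate ranges apart from the release ranges, or tag each entry with the version scheme it belongs to, so that `10.11.11`, `11.2.3` and `11.3.1` are the values presented as fixes.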
@@ -7,13 +7,14 @@ "title": "Next.js: null origin can bypass dev HMR websocket CSRF checks", "summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.", "published_at": "2026-03-17T15:29:48Z", - "updated_at": "2026-03-17T15:46:26.028580Z", + "updated_at": "2026-03-19T18:32:38.608475Z", "severity": "medium", "cvss_score": 4.0, "exploit_status": "unknown", "source_confidence": "official", "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36", "secondary_source_urls": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-27977", "https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a", "https://github.com/vercel/next.js", "https://github.com/vercel/next.js/releases/tag/v16.1.7" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27978.json b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27978.json index 57b88f6d..545250a7 100644 
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27978.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27978.json @@ -7,13 +7,14 @@ "title": "Next.js: null origin can bypass Server Actions CSRF checks", "summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.", "published_at": "2026-03-17T15:30:14Z", - "updated_at": "2026-03-17T15:46:43.484729Z", + "updated_at": "2026-03-19T18:31:23.523529Z", "severity": "medium", "cvss_score": 4.0, "exploit_status": "unknown", "source_confidence": "official", "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx", "secondary_source_urls": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-27978", "https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8", "https://github.com/vercel/next.js", "https://github.com/vercel/next.js/releases/tag/v16.1.7" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27979.json b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27979.json index 366f993b..bbb777bc 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27979.json 
+++ b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27979.json @@ -7,13 +7,14 @@ "title": "Next.js: Unbounded postponed resume buffering can lead to DoS", "summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.", "published_at": "2026-03-17T16:16:49Z", - "updated_at": "2026-03-17T16:31:34.160932Z", + "updated_at": "2026-03-19T18:48:06.587119Z", "severity": "medium", "cvss_score": 4.0, "exploit_status": "unknown", "source_confidence": "official", "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq", "secondary_source_urls": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-27979", "https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1", "https://github.com/vercel/next.js", "https://github.com/vercel/next.js/releases/tag/v16.1.7" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27980.json b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27980.json index e54b97f9..ed5d7fa9 100644 
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27980.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27980.json 
@@ -5,15 +5,16 @@ "category": "frameworks", "advisory_mode": "core", "title": "Next.js: Unbounded next/image disk cache growth can exhaust storage", - "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)", + "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. Note that this does not impact platforms that have their own image optimization capabilities, such as Vercel.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. 
\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)", "published_at": "2026-03-17T16:17:06Z", - "updated_at": "2026-03-17T16:31:33.597080Z", + "updated_at": "2026-03-19T18:47:09.413134Z", "severity": "medium", "cvss_score": 4.0, "exploit_status": "unknown", "source_confidence": "official", "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8", "secondary_source_urls": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-27980", "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd", "https://github.com/vercel/next.js", "https://github.com/vercel/next.js/releases/tag/v16.1.7" @@ -32,10 +33,12 @@ "GHSA-3x4c-7xq6-9pq8" ], "affected_versions": [ - "introduced=10.0.0, fixed<16.1.7" + "introduced=16.0.0-beta.0, fixed<16.1.7", + "introduced=10.0.0, fixed<15.5.14" ], "fixed_versions": [ - "16.1.7" + "16.1.7", + "15.5.14" ], "package_name": "next", "render_markdown": true, diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2026-29057.json b/08-threat-intel/registry/advisories/nextjs--CVE-2026-29057.json index 3b4ce376..b0d36032 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2026-29057.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2026-29057.json 
@@ -7,7 +7,7 @@ "title": "Next.js: HTTP request smuggling in rewrites", "summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).", "published_at": "2026-03-17T16:17:15Z", - "updated_at": "2026-03-18T22:02:16.858114Z", + "updated_at": "2026-03-19T17:59:01.302251Z", "severity": "medium", "cvss_score": 4.0, "exploit_status": "unknown", diff --git a/08-threat-intel/registry/monitoring/2026-03-19T23-44-51+00-00.json b/08-threat-intel/registry/monitoring/2026-03-19T23-44-51+00-00.json new file mode 100644 index 00000000..f37f6226 --- /dev/null +++ b/08-threat-intel/registry/monitoring/2026-03-19T23-44-51+00-00.json 
@@ -0,0 +1,3975 @@ +{ + "generated_at": "2026-03-19T23:44:51+00:00", + "source_catalog_audit": { + "generated_at": "2026-03-19T23:44:51+00:00", + "system_count": 62, + "source_count": 179, + "active_source_count": 101, + "retired_source_count": 78, + "systems_with_active_official": 61, + "systems_with_machine_readable_source": 61, + "systems": [ + { + "system_id": "adminer", + "display_name": "Adminer", + "category": "platforms", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "adobe-commerce", + "display_name": "Adobe Commerce", + "category": "ecommerce", + "tier": "history-full", + "source_total": 5, + "active_source_total": 1, + "retired_source_total": 4, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 0, + "has_active_official": true, + "has_machine_readable_source": false + }, + { + "system_id": "angular", + "display_name": "Angular", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "apache-httpd", + "display_name": "Apache HTTP Server", + "category": "servers", + "tier": "history-full", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 2, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "apache-tomcat", + "display_name": "Apache Tomcat", + "category": "servers", + "tier": "history-full", + "source_total": 3, + 
"active_source_total": 2, + "retired_source_total": 1, + "official_active": 2, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "aspnet-core", + "display_name": "ASP.NET Core", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "astro", + "display_name": "Astro", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "caddy", + "display_name": "Caddy", + "category": "servers", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "directus", + "display_name": "Directus", + "category": "cms", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 2, + "retired_source_total": 0, + "official_active": 2, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "discourse", + "display_name": "Discourse", + "category": "cms", + "tier": "rolling-24m", + "source_total": 5, + "active_source_total": 3, + "retired_source_total": 2, + "official_active": 2, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 3, + 
"has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "django", + "display_name": "Django", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 4, + "active_source_total": 3, + "retired_source_total": 1, + "official_active": 3, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "drupal", + "display_name": "Drupal", + "category": "cms", + "tier": "history-full", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 2, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "echo", + "display_name": "Echo", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 1, + "active_source_total": 1, + "retired_source_total": 0, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "esbuild", + "display_name": "esbuild", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "express", + "display_name": "Express", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "fastify", + "display_name": "Fastify", + "category": "frameworks", + "tier": 
"rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "flask", + "display_name": "Flask", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "ghost", + "display_name": "Ghost", + "category": "cms", + "tier": "history-full", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "gin", + "display_name": "Gin", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 1, + "active_source_total": 1, + "retired_source_total": 0, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "gitea", + "display_name": "Gitea", + "category": "platforms", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "gitlab-ce", + "display_name": "GitLab CE", + "category": "platforms", + "tier": "rolling-24m", + "source_total": 4, + "active_source_total": 2, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + 
"machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "grafana", + "display_name": "Grafana", + "category": "platforms", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 2, + "retired_source_total": 0, + "official_active": 2, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "hapi", + "display_name": "Hapi", + "category": "frameworks", + "tier": "history-full", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "haproxy", + "display_name": "HAProxy", + "category": "servers", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "jenkins", + "display_name": "Jenkins", + "category": "platforms", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "joomla", + "display_name": "Joomla", + "category": "cms", + "tier": "history-full", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "kibana", + "display_name": "Kibana", + 
"category": "platforms", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "koa", + "display_name": "Koa", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "laravel", + "display_name": "Laravel", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "magento-open-source", + "display_name": "Magento Open Source", + "category": "ecommerce", + "tier": "history-full", + "source_total": 4, + "active_source_total": 3, + "retired_source_total": 1, + "official_active": 2, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "mattermost", + "display_name": "Mattermost", + "category": "platforms", + "tier": "rolling-24m", + "source_total": 4, + "active_source_total": 2, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 2, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "mediawiki", + "display_name": "MediaWiki", + "category": "cms", + "tier": "rolling-24m", + "source_total": 4, + "active_source_total": 2, + "retired_source_total": 2, + 
"official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 2, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "medusa", + "display_name": "Medusa", + "category": "ecommerce", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "moodle", + "display_name": "Moodle", + "category": "cms", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 0, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": false, + "has_machine_readable_source": true + }, + { + "system_id": "nestjs", + "display_name": "NestJS", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "nextjs", + "display_name": "Next.js", + "category": "frameworks", + "tier": "history-full", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "nginx", + "display_name": "Nginx", + "category": "servers", + "tier": "history-full", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 2, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + 
}, + { + "system_id": "nodejs", + "display_name": "Node.js", + "category": "frameworks", + "tier": "history-full", + "source_total": 2, + "active_source_total": 2, + "retired_source_total": 0, + "official_active": 2, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "nuxt", + "display_name": "Nuxt", + "category": "frameworks", + "tier": "history-full", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "opencart", + "display_name": "OpenCart", + "category": "ecommerce", + "tier": "history-full", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "openmage", + "display_name": "OpenMage / Mage-OS", + "category": "ecommerce", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "phpmyadmin", + "display_name": "phpMyAdmin", + "category": "platforms", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "prestashop", + "display_name": "PrestaShop", + "category": "ecommerce", + "tier": "history-full", + "source_total": 5, 
+ "active_source_total": 4, + "retired_source_total": 1, + "official_active": 2, + "ecosystem_active": 2, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "rails", + "display_name": "Ruby on Rails", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "react", + "display_name": "React", + "category": "frameworks", + "tier": "history-full", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "redmine", + "display_name": "Redmine", + "category": "platforms", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "saleor", + "display_name": "Saleor", + "category": "ecommerce", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "shopware", + "display_name": "Shopware", + "category": "ecommerce", + "tier": "history-full", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + 
"machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "spring-boot", + "display_name": "Spring Boot", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "spring-framework", + "display_name": "Spring Framework", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "spring-security", + "display_name": "Spring Security", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 2, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 1, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "strapi", + "display_name": "Strapi", + "category": "cms", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 2, + "retired_source_total": 0, + "official_active": 2, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "sveltekit", + "display_name": "SvelteKit", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + 
"system_id": "symfony", + "display_name": "Symfony", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "traefik", + "display_name": "Traefik", + "category": "servers", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "undici", + "display_name": "Undici", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "vite", + "display_name": "Vite", + "category": "frameworks", + "tier": "history-full", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "vue", + "display_name": "Vue", + "category": "frameworks", + "tier": "history-full", + "source_total": 3, + "active_source_total": 1, + "retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "webpack", + "display_name": "webpack", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 3, + "active_source_total": 1, + 
"retired_source_total": 2, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "werkzeug", + "display_name": "Werkzeug", + "category": "frameworks", + "tier": "rolling-24m", + "source_total": 2, + "active_source_total": 1, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 0, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "woocommerce", + "display_name": "WooCommerce", + "category": "ecommerce", + "tier": "history-full", + "source_total": 6, + "active_source_total": 5, + "retired_source_total": 1, + "official_active": 2, + "ecosystem_active": 3, + "research_active": 0, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + }, + { + "system_id": "wordpress", + "display_name": "WordPress", + "category": "cms", + "tier": "history-full", + "source_total": 6, + "active_source_total": 5, + "retired_source_total": 1, + "official_active": 1, + "ecosystem_active": 3, + "research_active": 1, + "machine_readable_active": 1, + "has_active_official": true, + "has_machine_readable_source": true + } + ], + "retired_sources": [ + { + "system_id": "adminer", + "display_name": "Adminer", + "source_name": "NVD Adminer", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV Adminer provides a machine-readable Packagist-aligned source, removing the need for NVD public search.", + "replacement_sources": [ + "OSV Adminer" + ], + "url": "" + }, + { + "system_id": "adobe-commerce", + "display_name": "Adobe Commerce", + "source_name": "Adobe Security Bulletins", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit 
request policy and parser hints.", + "replacement_sources": [ + "Adobe Magento Security Index", + "NVD Adobe Commerce", + "GHSA Adobe Commerce" + ], + "url": "https://helpx.adobe.com/security/products/magento.html" + }, + { + "system_id": "adobe-commerce", + "display_name": "Adobe Commerce", + "source_name": "GHSA Adobe Commerce", + "bucket": "ecosystem_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.", + "replacement_sources": [ + "Adobe Magento Security Index", + "NVD Adobe Commerce" + ], + "url": "" + }, + { + "system_id": "adobe-commerce", + "display_name": "Adobe Commerce", + "source_name": "NVD Adobe Commerce", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "Adobe Magento Security Index is now the active official machine-readable source, so NVD public search is no longer needed for daily collection.", + "replacement_sources": [ + "Adobe Magento Security Index" + ], + "url": "" + }, + { + "system_id": "adobe-commerce", + "display_name": "Adobe Commerce", + "source_name": "Sansec Research", + "bucket": "ecosystem_sources", + "kind": "vendor-index", + "retired_reason": "Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.", + "replacement_sources": [ + "GHSA Adobe Commerce", + "Adobe Magento Security Index" + ], + "url": "https://sansec.io/research" + }, + { + "system_id": "angular", + "display_name": "Angular", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.", + "replacement_sources": [ + "OSV Angular" + ], + "url": "" + }, + { + "system_id": "apache-httpd", + "display_name": "Apache HTTP Server", + "source_name": "NVD Apache HTTP Server", + 
"bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "Official Apache HTTPD advisories page plus CISA KEV are sufficient active sources for daily monitoring.", + "replacement_sources": [ + "Apache HTTPD Security", + "CISA KEV Apache HTTPD" + ], + "url": "" + }, + { + "system_id": "apache-tomcat", + "display_name": "Apache Tomcat", + "source_name": "NVD Tomcat", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "Official Tomcat advisories page plus CISA KEV are sufficient active sources for daily monitoring.", + "replacement_sources": [ + "Apache Tomcat Security", + "CISA KEV Tomcat" + ], + "url": "" + }, + { + "system_id": "aspnet-core", + "display_name": "ASP.NET Core", + "source_name": "NVD ASP.NET Core", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV ASP.NET Core provides machine-readable NuGet-aligned coverage with lower latency than NVD public search.", + "replacement_sources": [ + "OSV ASP.NET Core" + ], + "url": "" + }, + { + "system_id": "astro", + "display_name": "Astro", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.", + "replacement_sources": [ + "OSV Astro" + ], + "url": "" + }, + { + "system_id": "caddy", + "display_name": "Caddy", + "source_name": "GitHub Caddy Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Caddy" + ], + "url": "https://github.com/caddyserver/caddy/security/advisories" + }, + { + "system_id": "discourse", + "display_name": "Discourse", + "source_name": "Discourse Meta Security", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": 
"Meta security category HTML changed and no longer provides stable scrape semantics for health checks.", + "replacement_sources": [ + "Discourse Release Notes RSS", + "GitHub Discourse Advisories" + ], + "url": "https://meta.discourse.org/c/bug/security/40" + }, + { + "system_id": "discourse", + "display_name": "Discourse", + "source_name": "GitHub Discourse Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.", + "replacement_sources": [ + "Discourse Release Notes RSS", + "Discourse Security RSS" + ], + "url": "" + }, + { + "system_id": "django", + "display_name": "Django", + "source_name": "Django Security RSS", + "bucket": "official_sources", + "kind": "rss-feed", + "retired_reason": "Official security tag feed became unstable; use official weblog index and release archive instead.", + "replacement_sources": [ + "Django Security Weblog", + "Django Security Releases Archive" + ], + "url": "https://www.djangoproject.com/weblog/feeds/tags/security/" + }, + { + "system_id": "drupal", + "display_name": "Drupal", + "source_name": "NVD Drupal", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV Drupal + Drupal official RSS now cover machine-readable collection with lower cold-start latency than NVD public search.", + "replacement_sources": [ + "Drupal Security Advisories RSS", + "OSV Drupal" + ], + "url": "" + }, + { + "system_id": "esbuild", + "display_name": "esbuild", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.", + "replacement_sources": [ + "OSV esbuild" + ], + "url": "" + }, + { + "system_id": "esbuild", + "display_name": "esbuild", + "source_name": "NVD esbuild", + 
"bucket": "ecosystem_sources", + "kind": "nvd-search", + "retired_reason": "OSV esbuild replaces NVD public search for lower-latency machine-readable collection.", + "replacement_sources": [ + "OSV esbuild" + ], + "url": "" + }, + { + "system_id": "express", + "display_name": "Express", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.", + "replacement_sources": [ + "OSV Express" + ], + "url": "" + }, + { + "system_id": "express", + "display_name": "Express", + "source_name": "NVD Express.js", + "bucket": "ecosystem_sources", + "kind": "nvd-search", + "retired_reason": "OSV Express replaces NVD public search for lower-latency machine-readable collection.", + "replacement_sources": [ + "OSV Express" + ], + "url": "" + }, + { + "system_id": "fastify", + "display_name": "Fastify", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.", + "replacement_sources": [ + "OSV Fastify" + ], + "url": "" + }, + { + "system_id": "flask", + "display_name": "Flask", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.", + "replacement_sources": [ + "OSV Flask" + ], + "url": "" + }, + { + "system_id": "ghost", + "display_name": "Ghost", + "source_name": "NVD Ghost", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.", + "replacement_sources": [ + "Ghost GitHub Advisories", + "OSV Ghost" + ], + "url": "" + }, + { + 
"system_id": "gitea", + "display_name": "Gitea", + "source_name": "GitHub Gitea Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Gitea" + ], + "url": "https://github.com/go-gitea/gitea/security/advisories" + }, + { + "system_id": "gitlab-ce", + "display_name": "GitLab CE", + "source_name": "GitLab Security Releases", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "GitLab Security Releases Atom is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.", + "replacement_sources": [ + "GitLab Security Releases Atom" + ], + "url": "https://about.gitlab.com/releases/categories/releases/" + }, + { + "system_id": "gitlab-ce", + "display_name": "GitLab CE", + "source_name": "NVD GitLab", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.", + "replacement_sources": [ + "GitLab Security Releases", + "GitLab Security Releases Atom" + ], + "url": "" + }, + { + "system_id": "hapi", + "display_name": "Hapi", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.", + "replacement_sources": [ + "OSV Hapi" + ], + "url": "" + }, + { + "system_id": "haproxy", + "display_name": "HAProxy", + "source_name": "HAProxy Security Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "Legacy haproxy.org security page no longer yields stable scrape results for monitoring.", + "replacement_sources": [ + "HAProxy Blog Feed" + ], + "url": 
"https://www.haproxy.org/security/" + }, + { + "system_id": "haproxy", + "display_name": "HAProxy", + "source_name": "NVD HAProxy", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "HAProxy Blog Feed is an active official RSS source, so NVD public search is no longer required.", + "replacement_sources": [ + "HAProxy Blog Feed" + ], + "url": "" + }, + { + "system_id": "jenkins", + "display_name": "Jenkins", + "source_name": "Jenkins Security Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "Jenkins Security Advisories RSS is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.", + "replacement_sources": [ + "Jenkins Security Advisories RSS" + ], + "url": "https://www.jenkins.io/security/advisories/" + }, + { + "system_id": "jenkins", + "display_name": "Jenkins", + "source_name": "NVD Jenkins", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "Jenkins Security Advisories RSS provides an official machine-readable feed, replacing NVD public search.", + "replacement_sources": [ + "Jenkins Security Advisories", + "Jenkins Security Advisories RSS" + ], + "url": "" + }, + { + "system_id": "joomla", + "display_name": "Joomla", + "source_name": "NVD Joomla", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.", + "replacement_sources": [ + "Joomla Security Centre", + "OSV Joomla" + ], + "url": "" + }, + { + "system_id": "kibana", + "display_name": "Kibana", + "source_name": "Elastic Security Announcements", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "Elastic Security Announcements RSS is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.", + "replacement_sources": [ + "Elastic Security Announcements RSS" + 
], + "url": "https://discuss.elastic.co/c/announcements/security-announcements/31" + }, + { + "system_id": "kibana", + "display_name": "Kibana", + "source_name": "NVD Kibana", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "Elastic Security Announcements RSS provides an official machine-readable feed, replacing NVD public search.", + "replacement_sources": [ + "Elastic Security Announcements", + "Elastic Security Announcements RSS" + ], + "url": "" + }, + { + "system_id": "koa", + "display_name": "Koa", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.", + "replacement_sources": [ + "OSV Koa" + ], + "url": "" + }, + { + "system_id": "laravel", + "display_name": "Laravel", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.", + "replacement_sources": [ + "OSV Laravel" + ], + "url": "" + }, + { + "system_id": "magento-open-source", + "display_name": "Magento Open Source", + "source_name": "NVD Magento", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV Magento Open Source plus Magento GitHub advisories replace NVD public search for machine-readable collection.", + "replacement_sources": [ + "Magento GitHub Advisories", + "OSV Magento Open Source" + ], + "url": "" + }, + { + "system_id": "mattermost", + "display_name": "Mattermost", + "source_name": "Mattermost Security Updates", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.", + "replacement_sources": [ + "NVD Mattermost" + ], + "url": 
"https://mattermost.com/security-updates/" + }, + { + "system_id": "mattermost", + "display_name": "Mattermost", + "source_name": "NVD Mattermost", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.", + "replacement_sources": [ + "Mattermost Security Updates JSON", + "OSV Mattermost" + ], + "url": "" + }, + { + "system_id": "mediawiki", + "display_name": "MediaWiki", + "source_name": "MediaWiki Security Releases", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.", + "replacement_sources": [ + "MediaWiki Announce RSS", + "NVD MediaWiki" + ], + "url": "https://www.mediawiki.org/wiki/Security" + }, + { + "system_id": "mediawiki", + "display_name": "MediaWiki", + "source_name": "NVD MediaWiki", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.", + "replacement_sources": [ + "MediaWiki Announce RSS", + "OSV MediaWiki" + ], + "url": "" + }, + { + "system_id": "medusa", + "display_name": "Medusa", + "source_name": "GitHub Medusa Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Medusa" + ], + "url": "https://github.com/medusajs/medusa/security/advisories" + }, + { + "system_id": "moodle", + "display_name": "Moodle", + "source_name": "Moodle Security News", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "Security page is reachable with a browser-style UA, but the current markup only exposes generic \"Discuss this topic\" anchors to the 
collector; NVD Moodle remains the active replacement source until a richer parser is added.", + "replacement_sources": [ + "NVD Moodle" + ], + "url": "https://moodle.org/security/" + }, + { + "system_id": "moodle", + "display_name": "Moodle", + "source_name": "NVD Moodle", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.", + "replacement_sources": [ + "OSV Moodle" + ], + "url": "" + }, + { + "system_id": "nestjs", + "display_name": "NestJS", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.", + "replacement_sources": [ + "OSV NestJS" + ], + "url": "" + }, + { + "system_id": "nestjs", + "display_name": "NestJS", + "source_name": "NVD NestJS", + "bucket": "ecosystem_sources", + "kind": "nvd-search", + "retired_reason": "OSV NestJS replaces NVD public search for lower-latency machine-readable collection.", + "replacement_sources": [ + "OSV NestJS" + ], + "url": "" + }, + { + "system_id": "nextjs", + "display_name": "Next.js", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.", + "replacement_sources": [ + "GitHub Next.js Advisories", + "OSV Next.js" + ], + "url": "" + }, + { + "system_id": "nextjs", + "display_name": "Next.js", + "source_name": "GitHub Next.js Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Next.js" + 
], + "url": "https://github.com/vercel/next.js/security/advisories" + }, + { + "system_id": "nginx", + "display_name": "Nginx", + "source_name": "NVD NGINX", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "Official NGINX advisories page and CISA KEV together provide the needed daily signal without NVD public-search latency.", + "replacement_sources": [ + "NGINX Security Advisories", + "CISA KEV NGINX" + ], + "url": "" + }, + { + "system_id": "nuxt", + "display_name": "Nuxt", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.", + "replacement_sources": [ + "Nuxt Security", + "OSV Nuxt" + ], + "url": "" + }, + { + "system_id": "nuxt", + "display_name": "Nuxt", + "source_name": "Nuxt Security", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Nuxt" + ], + "url": "https://github.com/nuxt/nuxt/security/advisories" + }, + { + "system_id": "opencart", + "display_name": "OpenCart", + "source_name": "NVD OpenCart", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.", + "replacement_sources": [ + "OpenCart Releases", + "OSV OpenCart" + ], + "url": "" + }, + { + "system_id": "openmage", + "display_name": "OpenMage / Mage-OS", + "source_name": "NVD OpenMage", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV OpenMage replaces NVD for machine-readable composer-aligned collection.", + "replacement_sources": [ + "OpenMage GitHub Advisories", + "OSV OpenMage" + ], + "url": "" + }, + { + "system_id": 
"phpmyadmin", + "display_name": "phpMyAdmin", + "source_name": "NVD phpMyAdmin", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.", + "replacement_sources": [ + "phpMyAdmin Security Page", + "OSV phpMyAdmin" + ], + "url": "" + }, + { + "system_id": "prestashop", + "display_name": "PrestaShop", + "source_name": "NVD PrestaShop", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV PrestaShop replaces NVD for machine-readable collection while official and ecosystem advisories remain active.", + "replacement_sources": [ + "PrestaShop Security Page", + "GitHub PrestaShop Advisories", + "OSV PrestaShop" + ], + "url": "" + }, + { + "system_id": "rails", + "display_name": "Ruby on Rails", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.", + "replacement_sources": [ + "OSV Rails" + ], + "url": "" + }, + { + "system_id": "rails", + "display_name": "Ruby on Rails", + "source_name": "NVD Ruby on Rails", + "bucket": "ecosystem_sources", + "kind": "nvd-search", + "retired_reason": "OSV Rails replaces NVD public search for lower-latency machine-readable collection.", + "replacement_sources": [ + "OSV Rails" + ], + "url": "" + }, + { + "system_id": "react", + "display_name": "React", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.", + "replacement_sources": [ + "GitHub React Advisories", + "OSV React" + ], + "url": "" + }, + { + "system_id": "react", + "display_name": "React", + "source_name": "GitHub React Advisories", + 
"bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV React" + ], + "url": "https://github.com/facebook/react/security/advisories" + }, + { + "system_id": "redmine", + "display_name": "Redmine", + "source_name": "NVD Redmine", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.", + "replacement_sources": [ + "Redmine Security Advisories" + ], + "url": "" + }, + { + "system_id": "saleor", + "display_name": "Saleor", + "source_name": "NVD Saleor", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.", + "replacement_sources": [ + "GitHub Saleor Advisories", + "OSV Saleor" + ], + "url": "" + }, + { + "system_id": "shopware", + "display_name": "Shopware", + "source_name": "NVD Shopware", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.", + "replacement_sources": [ + "Shopware Security Advisories", + "OSV Shopware" + ], + "url": "" + }, + { + "system_id": "spring-boot", + "display_name": "Spring Boot", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.", + "replacement_sources": [ + "Spring Security Advisories", + "OSV Spring Boot" + ], + "url": "" + }, + { + "system_id": "spring-framework", + "display_name": "Spring Framework", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", 
+ "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring official page and OSV remain the active replacements.", + "replacement_sources": [ + "Spring Security Advisories", + "OSV Spring Framework" + ], + "url": "" + }, + { + "system_id": "spring-security", + "display_name": "Spring Security", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.", + "replacement_sources": [ + "Spring Security Advisories", + "OSV Spring Security" + ], + "url": "" + }, + { + "system_id": "sveltekit", + "display_name": "SvelteKit", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.", + "replacement_sources": [ + "OSV SvelteKit" + ], + "url": "" + }, + { + "system_id": "symfony", + "display_name": "Symfony", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.", + "replacement_sources": [ + "OSV Symfony" + ], + "url": "" + }, + { + "system_id": "traefik", + "display_name": "Traefik", + "source_name": "GitHub Traefik Advisories", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Traefik" + ], + "url": "https://github.com/traefik/traefik/security/advisories" + }, + { + "system_id": "undici", + "display_name": "Undici", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + 
"kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.", + "replacement_sources": [ + "OSV Undici" + ], + "url": "" + }, + { + "system_id": "undici", + "display_name": "Undici", + "source_name": "NVD Undici", + "bucket": "ecosystem_sources", + "kind": "nvd-search", + "retired_reason": "OSV Undici replaces NVD public search for lower-latency machine-readable collection.", + "replacement_sources": [ + "OSV Undici" + ], + "url": "" + }, + { + "system_id": "vite", + "display_name": "Vite", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.", + "replacement_sources": [ + "Vite Security", + "OSV Vite" + ], + "url": "" + }, + { + "system_id": "vite", + "display_name": "Vite", + "source_name": "Vite Security", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.", + "replacement_sources": [ + "OSV Vite" + ], + "url": "https://github.com/vitejs/vite/security/advisories" + }, + { + "system_id": "vue", + "display_name": "Vue", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.", + "replacement_sources": [ + "Vue Security", + "OSV Vue" + ], + "url": "" + }, + { + "system_id": "vue", + "display_name": "Vue", + "source_name": "Vue Security", + "bucket": "official_sources", + "kind": "html-links", + "retired_reason": "OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate 
cold-start cost.", + "replacement_sources": [ + "OSV Vue" + ], + "url": "https://github.com/vuejs/core/security" + }, + { + "system_id": "webpack", + "display_name": "webpack", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.", + "replacement_sources": [ + "OSV webpack" + ], + "url": "" + }, + { + "system_id": "webpack", + "display_name": "webpack", + "source_name": "NVD webpack", + "bucket": "ecosystem_sources", + "kind": "nvd-search", + "retired_reason": "OSV webpack replaces NVD public search for lower-latency machine-readable collection.", + "replacement_sources": [ + "OSV webpack" + ], + "url": "" + }, + { + "system_id": "werkzeug", + "display_name": "Werkzeug", + "source_name": "GitHub Global Advisories", + "bucket": "official_sources", + "kind": "ghsa-global", + "retired_reason": "Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.", + "replacement_sources": [ + "OSV Werkzeug" + ], + "url": "" + }, + { + "system_id": "woocommerce", + "display_name": "WooCommerce", + "source_name": "NVD WooCommerce", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "OSV WooCommerce replaces NVD for machine-readable collection while official and ecosystem advisory pages remain active.", + "replacement_sources": [ + "Woo Developer Advisories", + "GitHub WooCommerce Advisories", + "OSV WooCommerce" + ], + "url": "" + }, + { + "system_id": "wordpress", + "display_name": "WordPress", + "source_name": "NVD WordPress", + "bucket": "official_sources", + "kind": "nvd-search", + "retired_reason": "WordPress official RSS plus ecosystem plugin intelligence cover active collection with lower cold-start latency and lower public-search dependence than NVD.", + "replacement_sources": [ + "WordPress Security News 
RSS", + "Wordfence Vulnerability Database", + "WPScan Vulnerability Database" + ], + "url": "" + } + ], + "replacement_map": [ + { + "system_id": "adminer", + "retired_source": "NVD Adminer", + "replacement_sources": [ + "OSV Adminer" + ] + }, + { + "system_id": "adobe-commerce", + "retired_source": "Adobe Security Bulletins", + "replacement_sources": [ + "Adobe Magento Security Index", + "NVD Adobe Commerce", + "GHSA Adobe Commerce" + ] + }, + { + "system_id": "adobe-commerce", + "retired_source": "GHSA Adobe Commerce", + "replacement_sources": [ + "Adobe Magento Security Index", + "NVD Adobe Commerce" + ] + }, + { + "system_id": "adobe-commerce", + "retired_source": "NVD Adobe Commerce", + "replacement_sources": [ + "Adobe Magento Security Index" + ] + }, + { + "system_id": "adobe-commerce", + "retired_source": "Sansec Research", + "replacement_sources": [ + "GHSA Adobe Commerce", + "Adobe Magento Security Index" + ] + }, + { + "system_id": "angular", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Angular" + ] + }, + { + "system_id": "apache-httpd", + "retired_source": "NVD Apache HTTP Server", + "replacement_sources": [ + "Apache HTTPD Security", + "CISA KEV Apache HTTPD" + ] + }, + { + "system_id": "apache-tomcat", + "retired_source": "NVD Tomcat", + "replacement_sources": [ + "Apache Tomcat Security", + "CISA KEV Tomcat" + ] + }, + { + "system_id": "aspnet-core", + "retired_source": "NVD ASP.NET Core", + "replacement_sources": [ + "OSV ASP.NET Core" + ] + }, + { + "system_id": "astro", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Astro" + ] + }, + { + "system_id": "caddy", + "retired_source": "GitHub Caddy Advisories", + "replacement_sources": [ + "OSV Caddy" + ] + }, + { + "system_id": "discourse", + "retired_source": "Discourse Meta Security", + "replacement_sources": [ + "Discourse Release Notes RSS", + "GitHub Discourse Advisories" + ] + }, + { + "system_id": "discourse", + 
"retired_source": "GitHub Discourse Advisories", + "replacement_sources": [ + "Discourse Release Notes RSS", + "Discourse Security RSS" + ] + }, + { + "system_id": "django", + "retired_source": "Django Security RSS", + "replacement_sources": [ + "Django Security Weblog", + "Django Security Releases Archive" + ] + }, + { + "system_id": "drupal", + "retired_source": "NVD Drupal", + "replacement_sources": [ + "Drupal Security Advisories RSS", + "OSV Drupal" + ] + }, + { + "system_id": "esbuild", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV esbuild" + ] + }, + { + "system_id": "esbuild", + "retired_source": "NVD esbuild", + "replacement_sources": [ + "OSV esbuild" + ] + }, + { + "system_id": "express", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Express" + ] + }, + { + "system_id": "express", + "retired_source": "NVD Express.js", + "replacement_sources": [ + "OSV Express" + ] + }, + { + "system_id": "fastify", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Fastify" + ] + }, + { + "system_id": "flask", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Flask" + ] + }, + { + "system_id": "ghost", + "retired_source": "NVD Ghost", + "replacement_sources": [ + "Ghost GitHub Advisories", + "OSV Ghost" + ] + }, + { + "system_id": "gitea", + "retired_source": "GitHub Gitea Advisories", + "replacement_sources": [ + "OSV Gitea" + ] + }, + { + "system_id": "gitlab-ce", + "retired_source": "GitLab Security Releases", + "replacement_sources": [ + "GitLab Security Releases Atom" + ] + }, + { + "system_id": "gitlab-ce", + "retired_source": "NVD GitLab", + "replacement_sources": [ + "GitLab Security Releases", + "GitLab Security Releases Atom" + ] + }, + { + "system_id": "hapi", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Hapi" + ] + }, + { + "system_id": "haproxy", + "retired_source": "HAProxy Security 
Advisories", + "replacement_sources": [ + "HAProxy Blog Feed" + ] + }, + { + "system_id": "haproxy", + "retired_source": "NVD HAProxy", + "replacement_sources": [ + "HAProxy Blog Feed" + ] + }, + { + "system_id": "jenkins", + "retired_source": "Jenkins Security Advisories", + "replacement_sources": [ + "Jenkins Security Advisories RSS" + ] + }, + { + "system_id": "jenkins", + "retired_source": "NVD Jenkins", + "replacement_sources": [ + "Jenkins Security Advisories", + "Jenkins Security Advisories RSS" + ] + }, + { + "system_id": "joomla", + "retired_source": "NVD Joomla", + "replacement_sources": [ + "Joomla Security Centre", + "OSV Joomla" + ] + }, + { + "system_id": "kibana", + "retired_source": "Elastic Security Announcements", + "replacement_sources": [ + "Elastic Security Announcements RSS" + ] + }, + { + "system_id": "kibana", + "retired_source": "NVD Kibana", + "replacement_sources": [ + "Elastic Security Announcements", + "Elastic Security Announcements RSS" + ] + }, + { + "system_id": "koa", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Koa" + ] + }, + { + "system_id": "laravel", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Laravel" + ] + }, + { + "system_id": "magento-open-source", + "retired_source": "NVD Magento", + "replacement_sources": [ + "Magento GitHub Advisories", + "OSV Magento Open Source" + ] + }, + { + "system_id": "mattermost", + "retired_source": "Mattermost Security Updates", + "replacement_sources": [ + "NVD Mattermost" + ] + }, + { + "system_id": "mattermost", + "retired_source": "NVD Mattermost", + "replacement_sources": [ + "Mattermost Security Updates JSON", + "OSV Mattermost" + ] + }, + { + "system_id": "mediawiki", + "retired_source": "MediaWiki Security Releases", + "replacement_sources": [ + "MediaWiki Announce RSS", + "NVD MediaWiki" + ] + }, + { + "system_id": "mediawiki", + "retired_source": "NVD MediaWiki", + "replacement_sources": [ + "MediaWiki 
Announce RSS", + "OSV MediaWiki" + ] + }, + { + "system_id": "medusa", + "retired_source": "GitHub Medusa Advisories", + "replacement_sources": [ + "OSV Medusa" + ] + }, + { + "system_id": "moodle", + "retired_source": "Moodle Security News", + "replacement_sources": [ + "NVD Moodle" + ] + }, + { + "system_id": "moodle", + "retired_source": "NVD Moodle", + "replacement_sources": [ + "OSV Moodle" + ] + }, + { + "system_id": "nestjs", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV NestJS" + ] + }, + { + "system_id": "nestjs", + "retired_source": "NVD NestJS", + "replacement_sources": [ + "OSV NestJS" + ] + }, + { + "system_id": "nextjs", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "GitHub Next.js Advisories", + "OSV Next.js" + ] + }, + { + "system_id": "nextjs", + "retired_source": "GitHub Next.js Advisories", + "replacement_sources": [ + "OSV Next.js" + ] + }, + { + "system_id": "nginx", + "retired_source": "NVD NGINX", + "replacement_sources": [ + "NGINX Security Advisories", + "CISA KEV NGINX" + ] + }, + { + "system_id": "nuxt", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "Nuxt Security", + "OSV Nuxt" + ] + }, + { + "system_id": "nuxt", + "retired_source": "Nuxt Security", + "replacement_sources": [ + "OSV Nuxt" + ] + }, + { + "system_id": "opencart", + "retired_source": "NVD OpenCart", + "replacement_sources": [ + "OpenCart Releases", + "OSV OpenCart" + ] + }, + { + "system_id": "openmage", + "retired_source": "NVD OpenMage", + "replacement_sources": [ + "OpenMage GitHub Advisories", + "OSV OpenMage" + ] + }, + { + "system_id": "phpmyadmin", + "retired_source": "NVD phpMyAdmin", + "replacement_sources": [ + "phpMyAdmin Security Page", + "OSV phpMyAdmin" + ] + }, + { + "system_id": "prestashop", + "retired_source": "NVD PrestaShop", + "replacement_sources": [ + "PrestaShop Security Page", + "GitHub PrestaShop Advisories", + "OSV PrestaShop" + ] + }, + { + 
"system_id": "rails", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Rails" + ] + }, + { + "system_id": "rails", + "retired_source": "NVD Ruby on Rails", + "replacement_sources": [ + "OSV Rails" + ] + }, + { + "system_id": "react", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "GitHub React Advisories", + "OSV React" + ] + }, + { + "system_id": "react", + "retired_source": "GitHub React Advisories", + "replacement_sources": [ + "OSV React" + ] + }, + { + "system_id": "redmine", + "retired_source": "NVD Redmine", + "replacement_sources": [ + "Redmine Security Advisories" + ] + }, + { + "system_id": "saleor", + "retired_source": "NVD Saleor", + "replacement_sources": [ + "GitHub Saleor Advisories", + "OSV Saleor" + ] + }, + { + "system_id": "shopware", + "retired_source": "NVD Shopware", + "replacement_sources": [ + "Shopware Security Advisories", + "OSV Shopware" + ] + }, + { + "system_id": "spring-boot", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "Spring Security Advisories", + "OSV Spring Boot" + ] + }, + { + "system_id": "spring-framework", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "Spring Security Advisories", + "OSV Spring Framework" + ] + }, + { + "system_id": "spring-security", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "Spring Security Advisories", + "OSV Spring Security" + ] + }, + { + "system_id": "sveltekit", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV SvelteKit" + ] + }, + { + "system_id": "symfony", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Symfony" + ] + }, + { + "system_id": "traefik", + "retired_source": "GitHub Traefik Advisories", + "replacement_sources": [ + "OSV Traefik" + ] + }, + { + "system_id": "undici", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Undici" + ] + 
}, + { + "system_id": "undici", + "retired_source": "NVD Undici", + "replacement_sources": [ + "OSV Undici" + ] + }, + { + "system_id": "vite", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "Vite Security", + "OSV Vite" + ] + }, + { + "system_id": "vite", + "retired_source": "Vite Security", + "replacement_sources": [ + "OSV Vite" + ] + }, + { + "system_id": "vue", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "Vue Security", + "OSV Vue" + ] + }, + { + "system_id": "vue", + "retired_source": "Vue Security", + "replacement_sources": [ + "OSV Vue" + ] + }, + { + "system_id": "webpack", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV webpack" + ] + }, + { + "system_id": "webpack", + "retired_source": "NVD webpack", + "replacement_sources": [ + "OSV webpack" + ] + }, + { + "system_id": "werkzeug", + "retired_source": "GitHub Global Advisories", + "replacement_sources": [ + "OSV Werkzeug" + ] + }, + { + "system_id": "woocommerce", + "retired_source": "NVD WooCommerce", + "replacement_sources": [ + "Woo Developer Advisories", + "GitHub WooCommerce Advisories", + "OSV WooCommerce" + ] + }, + { + "system_id": "wordpress", + "retired_source": "NVD WordPress", + "replacement_sources": [ + "WordPress Security News RSS", + "Wordfence Vulnerability Database", + "WPScan Vulnerability Database" + ] + } + ] + }, + "source_health": { + "generated_at": "2026-03-19T23:44:51+00:00", + "active_source_count": 101, + "green_source_count": 101, + "failure_count": 0, + "all_green": true, + "last_fully_green_run": "2026-03-19T23:44:51+00:00", + "retries_performed": 0, + "probes": [ + { + "system_id": "adminer", + "source_name": "OSV Adminer", + "source_kind": "osv-batch", + "elapsed_seconds": 0.096, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "adobe-commerce", + "source_name": "Adobe Magento Security Index", + "source_kind": "vendor-index", + "elapsed_seconds": 0.032, + 
"kind": "vendor-index", + "items_seen": 46 + }, + { + "system_id": "angular", + "source_name": "OSV Angular", + "source_kind": "osv-batch", + "elapsed_seconds": 0.013, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "apache-httpd", + "source_name": "Apache HTTPD Security", + "source_kind": "html-links", + "elapsed_seconds": 0.024, + "kind": "html-links", + "items_seen": 182 + }, + { + "system_id": "apache-httpd", + "source_name": "CISA KEV Apache HTTPD", + "source_kind": "kev-json", + "elapsed_seconds": 0.074, + "kind": "kev-json", + "items_seen": 1546 + }, + { + "system_id": "apache-tomcat", + "source_name": "Apache Tomcat Security", + "source_kind": "html-links", + "elapsed_seconds": 0.064, + "kind": "html-links", + "items_seen": 270 + }, + { + "system_id": "apache-tomcat", + "source_name": "CISA KEV Tomcat", + "source_kind": "kev-json", + "elapsed_seconds": 0.064, + "kind": "kev-json", + "items_seen": 1546 + }, + { + "system_id": "aspnet-core", + "source_name": "OSV ASP.NET Core", + "source_kind": "osv-batch", + "elapsed_seconds": 0.006, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "astro", + "source_name": "OSV Astro", + "source_kind": "osv-batch", + "elapsed_seconds": 0.013, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "caddy", + "source_name": "OSV Caddy", + "source_kind": "osv-batch", + "elapsed_seconds": 0.064, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "directus", + "source_name": "Directus GitHub Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.037, + "kind": "html-links", + "items_seen": 127 + }, + { + "system_id": "directus", + "source_name": "OSV Directus", + "source_kind": "osv-batch", + "elapsed_seconds": 0.032, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "discourse", + "source_name": "Discourse Release Notes RSS", + "source_kind": "rss-feed", + "elapsed_seconds": 0.032, + "kind": "rss-feed", + "items_seen": 30 + }, + { + "system_id": 
"discourse", + "source_name": "Discourse Security RSS", + "source_kind": "rss-feed", + "elapsed_seconds": 0.032, + "kind": "rss-feed", + "items_seen": 3 + }, + { + "system_id": "discourse", + "source_name": "OSV Discourse", + "source_kind": "osv-batch", + "elapsed_seconds": 0.032, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "django", + "source_name": "Django Security Releases Archive", + "source_kind": "vendor-index", + "elapsed_seconds": 0.068, + "kind": "vendor-index", + "items_seen": 1276 + }, + { + "system_id": "django", + "source_name": "Django Security Weblog", + "source_kind": "vendor-index", + "elapsed_seconds": 0.043, + "kind": "vendor-index", + "items_seen": 332 + }, + { + "system_id": "django", + "source_name": "OSV Django", + "source_kind": "osv-batch", + "elapsed_seconds": 0.064, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "drupal", + "source_name": "Drupal Security Advisories RSS", + "source_kind": "rss-feed", + "elapsed_seconds": 0.038, + "kind": "rss-feed", + "items_seen": 20 + }, + { + "system_id": "drupal", + "source_name": "OSV Drupal", + "source_kind": "osv-batch", + "elapsed_seconds": 0.038, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "echo", + "source_name": "OSV Echo", + "source_kind": "osv-batch", + "elapsed_seconds": 0.039, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "esbuild", + "source_name": "OSV esbuild", + "source_kind": "osv-batch", + "elapsed_seconds": 0.044, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "express", + "source_name": "OSV Express", + "source_kind": "osv-batch", + "elapsed_seconds": 0.013, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "fastify", + "source_name": "OSV Fastify", + "source_kind": "osv-batch", + "elapsed_seconds": 0.005, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "flask", + "source_name": "OSV Flask", + "source_kind": "osv-batch", + "elapsed_seconds": 0.017, + 
"kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "ghost", + "source_name": "Ghost GitHub Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.038, + "kind": "html-links", + "items_seen": 119 + }, + { + "system_id": "ghost", + "source_name": "OSV Ghost", + "source_kind": "osv-batch", + "elapsed_seconds": 0.038, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "gin", + "source_name": "OSV Gin", + "source_kind": "osv-batch", + "elapsed_seconds": 0.024, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "gitea", + "source_name": "OSV Gitea", + "source_kind": "osv-batch", + "elapsed_seconds": 0.074, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "gitlab-ce", + "source_name": "GitLab Advisory Database", + "source_kind": "html-links", + "elapsed_seconds": 0.096, + "kind": "html-links", + "items_seen": 5 + }, + { + "system_id": "gitlab-ce", + "source_name": "GitLab Security Releases Atom", + "source_kind": "atom-feed", + "elapsed_seconds": 0.097, + "kind": "atom-feed", + "items_seen": 186 + }, + { + "system_id": "grafana", + "source_name": "CISA KEV Grafana", + "source_kind": "kev-json", + "elapsed_seconds": 0.039, + "kind": "kev-json", + "items_seen": 1546 + }, + { + "system_id": "grafana", + "source_name": "Grafana Security Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.065, + "kind": "html-links", + "items_seen": 159 + }, + { + "system_id": "hapi", + "source_name": "OSV Hapi", + "source_kind": "osv-batch", + "elapsed_seconds": 0.009, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "haproxy", + "source_name": "HAProxy Blog Feed", + "source_kind": "rss-feed", + "elapsed_seconds": 0.064, + "kind": "rss-feed", + "items_seen": 10 + }, + { + "system_id": "jenkins", + "source_name": "Jenkins Security Advisories RSS", + "source_kind": "rss-feed", + "elapsed_seconds": 0.074, + "kind": "rss-feed", + "items_seen": 96 + }, + { + "system_id": "joomla", + "source_name": 
"Joomla Security Centre", + "source_kind": "html-links", + "elapsed_seconds": 0.038, + "kind": "html-links", + "items_seen": 139 + }, + { + "system_id": "joomla", + "source_name": "OSV Joomla", + "source_kind": "osv-batch", + "elapsed_seconds": 0.038, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "kibana", + "source_name": "Elastic Security Announcements RSS", + "source_kind": "rss-feed", + "elapsed_seconds": 0.074, + "kind": "rss-feed", + "items_seen": 25 + }, + { + "system_id": "koa", + "source_name": "OSV Koa", + "source_kind": "osv-batch", + "elapsed_seconds": 0.009, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "laravel", + "source_name": "OSV Laravel", + "source_kind": "osv-batch", + "elapsed_seconds": 0.008, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "magento-open-source", + "source_name": "Magento GitHub Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.032, + "kind": "html-links", + "items_seen": 99 + }, + { + "system_id": "magento-open-source", + "source_name": "OSV Magento Open Source", + "source_kind": "osv-batch", + "elapsed_seconds": 0.032, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "magento-open-source", + "source_name": "Sansec Research", + "source_kind": "html-links", + "elapsed_seconds": 0.032, + "kind": "html-links", + "items_seen": 134 + }, + { + "system_id": "mattermost", + "source_name": "Mattermost Security Updates JSON", + "source_kind": "json-feed", + "elapsed_seconds": 0.074, + "kind": "json-feed", + "items_seen": 594 + }, + { + "system_id": "mattermost", + "source_name": "OSV Mattermost", + "source_kind": "osv-batch", + "elapsed_seconds": 0.096, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "mediawiki", + "source_name": "MediaWiki Announce RSS", + "source_kind": "rss-feed", + "elapsed_seconds": 0.032, + "kind": "rss-feed", + "items_seen": 30 + }, + { + "system_id": "mediawiki", + "source_name": "OSV MediaWiki", + 
"source_kind": "osv-batch", + "elapsed_seconds": 0.032, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "medusa", + "source_name": "OSV Medusa", + "source_kind": "osv-batch", + "elapsed_seconds": 0.015, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "moodle", + "source_name": "OSV Moodle", + "source_kind": "osv-batch", + "elapsed_seconds": 0.032, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "nestjs", + "source_name": "OSV NestJS", + "source_kind": "osv-batch", + "elapsed_seconds": 0.005, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "nextjs", + "source_name": "OSV Next.js", + "source_kind": "osv-batch", + "elapsed_seconds": 0.015, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "nginx", + "source_name": "CISA KEV NGINX", + "source_kind": "kev-json", + "elapsed_seconds": 0.064, + "kind": "kev-json", + "items_seen": 1546 + }, + { + "system_id": "nginx", + "source_name": "NGINX Security Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.023, + "kind": "html-links", + "items_seen": 138 + }, + { + "system_id": "nodejs", + "source_name": "CISA KEV Node.js", + "source_kind": "kev-json", + "elapsed_seconds": 0.028, + "kind": "kev-json", + "items_seen": 1546 + }, + { + "system_id": "nodejs", + "source_name": "Node.js Security Releases", + "source_kind": "html-links", + "elapsed_seconds": 0.005, + "kind": "html-links", + "items_seen": 74 + }, + { + "system_id": "nuxt", + "source_name": "OSV Nuxt", + "source_kind": "osv-batch", + "elapsed_seconds": 0.013, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "opencart", + "source_name": "OSV OpenCart", + "source_kind": "osv-batch", + "elapsed_seconds": 0.015, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "opencart", + "source_name": "OpenCart Releases", + "source_kind": "html-links", + "elapsed_seconds": 0.015, + "kind": "html-links", + "items_seen": 1500 + }, + { + "system_id": "openmage", 
+ "source_name": "OSV OpenMage", + "source_kind": "osv-batch", + "elapsed_seconds": 0.031, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "openmage", + "source_name": "OpenMage GitHub Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.032, + "kind": "html-links", + "items_seen": 125 + }, + { + "system_id": "phpmyadmin", + "source_name": "OSV phpMyAdmin", + "source_kind": "osv-batch", + "elapsed_seconds": 0.064, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "phpmyadmin", + "source_name": "phpMyAdmin Security Page", + "source_kind": "html-links", + "elapsed_seconds": 0.064, + "kind": "html-links", + "items_seen": 262 + }, + { + "system_id": "prestashop", + "source_name": "Friends Of Presta Security", + "source_kind": "html-links", + "elapsed_seconds": 0.019, + "kind": "html-links", + "items_seen": 38 + }, + { + "system_id": "prestashop", + "source_name": "GitHub PrestaShop Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.019, + "kind": "html-links", + "items_seen": 127 + }, + { + "system_id": "prestashop", + "source_name": "OSV PrestaShop", + "source_kind": "osv-batch", + "elapsed_seconds": 0.019, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "prestashop", + "source_name": "PrestaShop Security Page", + "source_kind": "html-links", + "elapsed_seconds": 0.019, + "kind": "html-links", + "items_seen": 60 + }, + { + "system_id": "rails", + "source_name": "OSV Rails", + "source_kind": "osv-batch", + "elapsed_seconds": 0.039, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "react", + "source_name": "OSV React", + "source_kind": "osv-batch", + "elapsed_seconds": 0.015, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "redmine", + "source_name": "OSV Redmine", + "source_kind": "osv-batch", + "elapsed_seconds": 0.074, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "redmine", + "source_name": "Redmine Security Advisories", + "source_kind": 
"html-links", + "elapsed_seconds": 0.074, + "kind": "html-links", + "items_seen": 371 + }, + { + "system_id": "saleor", + "source_name": "GitHub Saleor Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.015, + "kind": "html-links", + "items_seen": 120 + }, + { + "system_id": "saleor", + "source_name": "OSV Saleor", + "source_kind": "osv-batch", + "elapsed_seconds": 0.015, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "shopware", + "source_name": "OSV Shopware", + "source_kind": "osv-batch", + "elapsed_seconds": 0.015, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "shopware", + "source_name": "Shopware Security Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.019, + "kind": "html-links", + "items_seen": 129 + }, + { + "system_id": "spring-boot", + "source_name": "OSV Spring Boot", + "source_kind": "osv-batch", + "elapsed_seconds": 0.01, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "spring-boot", + "source_name": "Spring Security Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.009, + "kind": "html-links", + "items_seen": 118 + }, + { + "system_id": "spring-framework", + "source_name": "OSV Spring Framework", + "source_kind": "osv-batch", + "elapsed_seconds": 0.009, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "spring-framework", + "source_name": "Spring Security Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.021, + "kind": "html-links", + "items_seen": 118 + }, + { + "system_id": "spring-security", + "source_name": "OSV Spring Security", + "source_kind": "osv-batch", + "elapsed_seconds": 0.009, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "spring-security", + "source_name": "Spring Security Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.01, + "kind": "html-links", + "items_seen": 118 + }, + { + "system_id": "strapi", + "source_name": "OSV Strapi", + "source_kind": "osv-batch", + 
"elapsed_seconds": 0.037, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "strapi", + "source_name": "Strapi GitHub Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.037, + "kind": "html-links", + "items_seen": 124 + }, + { + "system_id": "sveltekit", + "source_name": "OSV SvelteKit", + "source_kind": "osv-batch", + "elapsed_seconds": 0.013, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "symfony", + "source_name": "OSV Symfony", + "source_kind": "osv-batch", + "elapsed_seconds": 0.043, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "traefik", + "source_name": "OSV Traefik", + "source_kind": "osv-batch", + "elapsed_seconds": 0.074, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "undici", + "source_name": "OSV Undici", + "source_kind": "osv-batch", + "elapsed_seconds": 0.009, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "vite", + "source_name": "OSV Vite", + "source_kind": "osv-batch", + "elapsed_seconds": 0.013, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "vue", + "source_name": "OSV Vue", + "source_kind": "osv-batch", + "elapsed_seconds": 0.015, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "webpack", + "source_name": "OSV webpack", + "source_kind": "osv-batch", + "elapsed_seconds": 0.009, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "werkzeug", + "source_name": "OSV Werkzeug", + "source_kind": "osv-batch", + "elapsed_seconds": 0.006, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "woocommerce", + "source_name": "GitHub WooCommerce Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.031, + "kind": "html-links", + "items_seen": 107 + }, + { + "system_id": "woocommerce", + "source_name": "OSV WooCommerce", + "source_kind": "osv-batch", + "elapsed_seconds": 0.031, + "kind": "osv-batch", + "items_seen": 1 + }, + { + "system_id": "woocommerce", + "source_name": 
"Patchstack Database", + "source_kind": "html-links", + "elapsed_seconds": 0.019, + "kind": "html-links", + "items_seen": 193 + }, + { + "system_id": "woocommerce", + "source_name": "Woo Developer Advisories", + "source_kind": "html-links", + "elapsed_seconds": 0.031, + "kind": "html-links", + "items_seen": 121 + }, + { + "system_id": "woocommerce", + "source_name": "Wordfence Vulnerability Database", + "source_kind": "html-links", + "elapsed_seconds": 0.019, + "kind": "html-links", + "items_seen": 0 + }, + { + "system_id": "wordpress", + "source_name": "Patchstack Database", + "source_kind": "html-links", + "elapsed_seconds": 0.041, + "kind": "html-links", + "items_seen": 193 + }, + { + "system_id": "wordpress", + "source_name": "PortSwigger Research", + "source_kind": "html-links", + "elapsed_seconds": 0.038, + "kind": "html-links", + "items_seen": 99 + }, + { + "system_id": "wordpress", + "source_name": "WPScan Vulnerability Database", + "source_kind": "html-links", + "elapsed_seconds": 0.041, + "kind": "html-links", + "items_seen": 74 + }, + { + "system_id": "wordpress", + "source_name": "WordPress Security News RSS", + "source_kind": "rss-feed", + "elapsed_seconds": 0.041, + "kind": "rss-feed", + "items_seen": 10 + }, + { + "system_id": "wordpress", + "source_name": "Wordfence Vulnerability Database", + "source_kind": "html-links", + "elapsed_seconds": 0.041, + "kind": "html-links", + "items_seen": 0 + } + ], + "failures": [], + "slow_sources": [ + { + "system_id": "gitlab-ce", + "source_name": "GitLab Security Releases Atom", + "source_kind": "atom-feed", + "elapsed_seconds": 0.097, + "status": "ok" + }, + { + "system_id": "adminer", + "source_name": "OSV Adminer", + "source_kind": "osv-batch", + "elapsed_seconds": 0.096, + "status": "ok" + }, + { + "system_id": "gitlab-ce", + "source_name": "GitLab Advisory Database", + "source_kind": "html-links", + "elapsed_seconds": 0.096, + "status": "ok" + }, + { + "system_id": "mattermost", + "source_name": "OSV 
Mattermost", + "source_kind": "osv-batch", + "elapsed_seconds": 0.096, + "status": "ok" + }, + { + "system_id": "apache-httpd", + "source_name": "CISA KEV Apache HTTPD", + "source_kind": "kev-json", + "elapsed_seconds": 0.074, + "status": "ok" + }, + { + "system_id": "gitea", + "source_name": "OSV Gitea", + "source_kind": "osv-batch", + "elapsed_seconds": 0.074, + "status": "ok" + }, + { + "system_id": "jenkins", + "source_name": "Jenkins Security Advisories RSS", + "source_kind": "rss-feed", + "elapsed_seconds": 0.074, + "status": "ok" + }, + { + "system_id": "kibana", + "source_name": "Elastic Security Announcements RSS", + "source_kind": "rss-feed", + "elapsed_seconds": 0.074, + "status": "ok" + }, + { + "system_id": "mattermost", + "source_name": "Mattermost Security Updates JSON", + "source_kind": "json-feed", + "elapsed_seconds": 0.074, + "status": "ok" + }, + { + "system_id": "redmine", + "source_name": "OSV Redmine", + "source_kind": "osv-batch", + "elapsed_seconds": 0.074, + "status": "ok" + } + ], + "systems": [ + { + "system_id": "adminer", + "display_name": "Adminer", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "adobe-commerce", + "display_name": "Adobe Commerce", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "angular", + "display_name": "Angular", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "apache-httpd", + "display_name": "Apache HTTP Server", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "apache-tomcat", + "display_name": "Apache Tomcat", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "aspnet-core", + "display_name": "ASP.NET Core", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "astro", + "display_name": "Astro", + 
"active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "caddy", + "display_name": "Caddy", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "directus", + "display_name": "Directus", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "discourse", + "display_name": "Discourse", + "active_source_total": 3, + "green_source_total": 3, + "failure_count": 0 + }, + { + "system_id": "django", + "display_name": "Django", + "active_source_total": 3, + "green_source_total": 3, + "failure_count": 0 + }, + { + "system_id": "drupal", + "display_name": "Drupal", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "echo", + "display_name": "Echo", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "esbuild", + "display_name": "esbuild", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "express", + "display_name": "Express", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "fastify", + "display_name": "Fastify", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "flask", + "display_name": "Flask", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "ghost", + "display_name": "Ghost", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "gin", + "display_name": "Gin", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "gitea", + "display_name": "Gitea", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "gitlab-ce", + "display_name": "GitLab CE", + "active_source_total": 2, + "green_source_total": 2, + 
"failure_count": 0 + }, + { + "system_id": "grafana", + "display_name": "Grafana", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "hapi", + "display_name": "Hapi", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "haproxy", + "display_name": "HAProxy", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "jenkins", + "display_name": "Jenkins", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "joomla", + "display_name": "Joomla", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "kibana", + "display_name": "Kibana", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "koa", + "display_name": "Koa", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "laravel", + "display_name": "Laravel", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "magento-open-source", + "display_name": "Magento Open Source", + "active_source_total": 3, + "green_source_total": 3, + "failure_count": 0 + }, + { + "system_id": "mattermost", + "display_name": "Mattermost", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "mediawiki", + "display_name": "MediaWiki", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "medusa", + "display_name": "Medusa", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "moodle", + "display_name": "Moodle", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "nestjs", + "display_name": "NestJS", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + 
"system_id": "nextjs", + "display_name": "Next.js", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "nginx", + "display_name": "Nginx", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "nodejs", + "display_name": "Node.js", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "nuxt", + "display_name": "Nuxt", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "opencart", + "display_name": "OpenCart", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "openmage", + "display_name": "OpenMage / Mage-OS", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "phpmyadmin", + "display_name": "phpMyAdmin", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "prestashop", + "display_name": "PrestaShop", + "active_source_total": 4, + "green_source_total": 4, + "failure_count": 0 + }, + { + "system_id": "rails", + "display_name": "Ruby on Rails", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "react", + "display_name": "React", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "redmine", + "display_name": "Redmine", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "saleor", + "display_name": "Saleor", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "shopware", + "display_name": "Shopware", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "spring-boot", + "display_name": "Spring Boot", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": 
"spring-framework", + "display_name": "Spring Framework", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "spring-security", + "display_name": "Spring Security", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "strapi", + "display_name": "Strapi", + "active_source_total": 2, + "green_source_total": 2, + "failure_count": 0 + }, + { + "system_id": "sveltekit", + "display_name": "SvelteKit", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "symfony", + "display_name": "Symfony", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "traefik", + "display_name": "Traefik", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "undici", + "display_name": "Undici", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "vite", + "display_name": "Vite", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "vue", + "display_name": "Vue", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "webpack", + "display_name": "webpack", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "werkzeug", + "display_name": "Werkzeug", + "active_source_total": 1, + "green_source_total": 1, + "failure_count": 0 + }, + { + "system_id": "woocommerce", + "display_name": "WooCommerce", + "active_source_total": 5, + "green_source_total": 5, + "failure_count": 0 + }, + { + "system_id": "wordpress", + "display_name": "WordPress", + "active_source_total": 5, + "green_source_total": 5, + "failure_count": 0 + } + ] + }, + "alerts": [ + { + "alert_id": "django::OSV Django", + "system_id": "django", + "display_name": "Django", + "source_name": "OSV Django", + "source_kind": 
"osv-batch", + "status": "resolved", + "opened_at": "2026-03-19T02:27:12+00:00", + "updated_at": "2026-03-19T02:27:12+00:00", + "resolved_at": "2026-03-19T02:27:12+00:00", + "failure_streak": 1, + "last_category": "tls", + "last_failure": { + "system_id": "django", + "display_name": "Django", + "source_name": "OSV Django", + "source_kind": "osv-batch", + "source_bucket": "official_sources", + "category": "tls", + "exception": "SSLError", + "message": "HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))", + "status_code": null, + "url": "", + "summary": "django::OSV Django::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))", + "elapsed_seconds": 25.112 + } + }, + { + "alert_id": "flask::OSV Flask", + "system_id": "flask", + "display_name": "Flask", + "source_name": "OSV Flask", + "source_kind": "osv-batch", + "status": "resolved", + "opened_at": "2026-03-19T02:27:12+00:00", + "updated_at": "2026-03-19T02:27:12+00:00", + "resolved_at": "2026-03-19T02:27:12+00:00", + "failure_streak": 1, + "last_category": "tls", + "last_failure": { + "system_id": "flask", + "display_name": "Flask", + "source_name": "OSV Flask", + "source_kind": "osv-batch", + "source_bucket": "official_sources", + "category": "tls", + "exception": "SSLError", + "message": "HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))", + "status_code": null, + "url": "", + "summary": "flask::OSV Flask::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))", + 
"elapsed_seconds": 25.129 + } + }, + { + "alert_id": "spring-security::OSV Spring Security", + "system_id": "spring-security", + "display_name": "Spring Security", + "source_name": "OSV Spring Security", + "source_kind": "osv-batch", + "status": "resolved", + "opened_at": "2026-03-19T02:27:12+00:00", + "updated_at": "2026-03-19T02:27:12+00:00", + "resolved_at": "2026-03-19T02:27:12+00:00", + "failure_streak": 1, + "last_category": "tls", + "last_failure": { + "system_id": "spring-security", + "display_name": "Spring Security", + "source_name": "OSV Spring Security", + "source_kind": "osv-batch", + "source_bucket": "ecosystem_sources", + "category": "tls", + "exception": "SSLError", + "message": "HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))", + "status_code": null, + "url": "", + "summary": "spring-security::OSV Spring Security::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))", + "elapsed_seconds": 25.247 + } + }, + { + "alert_id": "symfony::OSV Symfony", + "system_id": "symfony", + "display_name": "Symfony", + "source_name": "OSV Symfony", + "source_kind": "osv-batch", + "status": "resolved", + "opened_at": "2026-03-19T02:27:12+00:00", + "updated_at": "2026-03-19T02:27:12+00:00", + "resolved_at": "2026-03-19T02:27:12+00:00", + "failure_streak": 1, + "last_category": "tls", + "last_failure": { + "system_id": "symfony", + "display_name": "Symfony", + "source_name": "OSV Symfony", + "source_kind": "osv-batch", + "source_bucket": "official_sources", + "category": "tls", + "exception": "SSLError", + "message": "HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol 
(_ssl.c:1129)')))", + "status_code": null, + "url": "", + "summary": "symfony::OSV Symfony::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))", + "elapsed_seconds": 25.232 + } + } + ], + "monitor_summary": { + "generated_at": "2026-03-19T23:44:51+00:00", + "active_source_count": 101, + "green_source_count": 101, + "source_failure_count": 0, + "open_alert_count": 0, + "resolved_alert_count": 4, + "last_fully_green_run": "2026-03-19T23:44:51+00:00", + "source_catalog": { + "system_count": 62, + "source_count": 179, + "retired_source_count": 78 + }, + "ingest": { + "new_count": 7, + "updated_count": 5, + "failure_count": 0, + "systems_touched": [ + "kibana", + "mattermost", + "nextjs" + ] + }, + "validation": { + "passed": true, + "error_count": 0, + "errors": [] + } + } +}
diff --git a/08-threat-intel/registry/systems/kibana.json b/08-threat-intel/registry/systems/kibana.json
index 7381e61f..eed41f0a 100644
--- a/08-threat-intel/registry/systems/kibana.json
+++ b/08-threat-intel/registry/systems/kibana.json
@@ -3,10 +3,10 @@
 "display_name": "Kibana",
 "category": "platforms",
 "tier": "rolling-24m",
- "total": 41,
+ "total": 47,
 "markdown_cases": 0,
- "triage_count": 0,
- "latest_update": "",
+ "triage_count": 6,
+ "latest_update": "Thu, 19 Mar 2026 16:59:58 +0000",
 "output_dir": "07-framework-security/platforms/kibana",
 "secure_code_topics": [
 "authz-server-side-recheck",
@@ -16,8 +16,14 @@
 "verified_real": 0,
 "verified_synthetic": 0,
 "blocked_count": 0,
- "manual_count": 41,
+ "manual_count": 47,
 "items": [
+ "kibana--844efe5dac",
+ "kibana--ca14c406d9",
+ "kibana--0fcd01159e",
+ "kibana--4d0ef3a07b",
+ "kibana--4bfdbe9da9",
+ "kibana--012933e759",
 "kibana--02f2023a8a",
 "kibana--082700f544",
 "kibana--0e828e6029",
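Review bot: The `latest_update` value written in the first kibana.json hunk is an RFC 2822 date string (`Thu, 19 Mar 2026 16:59:58 +0000`), while nextjs.json in this same commit stores an ISO 8601 timestamp and mattermost.json carries the literal text `Fix Release Date` in that field. Anything that sorts or compares `latest_update` across systems to judge how fresh the advisory data is will misorder or fail to parse these records. The ingest step should normalise the field before writing it, for example `"latest_update": "2026-03-19T16:59:58+00:00",`, and reject values that do not parse as a date. The run's `validation` block reports `"passed": true`, so this is presumably not checked today.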
diff --git a/08-threat-intel/registry/systems/mattermost.json b/08-threat-intel/registry/systems/mattermost.json
index a5257466..da692e4c 100644
--- a/08-threat-intel/registry/systems/mattermost.json
+++ b/08-threat-intel/registry/systems/mattermost.json
@@ -3,8 +3,8 @@
 "display_name": "Mattermost",
 "category": "platforms",
 "tier": "rolling-24m",
- "total": 20,
- "markdown_cases": 20,
+ "total": 21,
+ "markdown_cases": 21,
 "triage_count": 0,
 "latest_update": "Fix Release Date",
 "output_dir": "07-framework-security/platforms/mattermost",
@@ -16,9 +16,10 @@
 "verified_real": 0,
 "verified_synthetic": 0,
 "blocked_count": 0,
- "manual_count": 20,
+ "manual_count": 21,
 "items": [
 "mattermost--Issue Identifier",
+ "mattermost--CVE-2026-22545",
 "mattermost--CVE-2026-4265",
 "mattermost--MMSA-2026-00574",
 "mattermost--MMSA-2026-00603",
diff --git a/08-threat-intel/registry/systems/nextjs.json b/08-threat-intel/registry/systems/nextjs.json
index a33aae92..c47fe8ef 100644
--- a/08-threat-intel/registry/systems/nextjs.json
+++ b/08-threat-intel/registry/systems/nextjs.json
@@ -6,7 +6,7 @@
 "total": 66,
 "markdown_cases": 41,
 "triage_count": 25,
- "latest_update": "2026-03-18T22:02:16.858114Z",
+ "latest_update": "2026-03-19T18:48:06.587119Z",
 "output_dir": "07-framework-security/frameworks/nextjs",
 "secure_code_topics": [
 "authz-server-side-recheck",
diff --git a/08-threat-intel/registry/triage/kibana--012933e759.json b/08-threat-intel/registry/triage/kibana--012933e759.json
new file mode 100644
index 00000000..fdb2a381
--- /dev/null
+++ b/08-threat-intel/registry/triage/kibana--012933e759.json
@@ -0,0 +1,12 @@
+{
+ "canonical_id": "kibana--012933e759",
+ "system_id": "kibana",
+ "title": "Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)",
+ "reasons": [
+ "missing affected/fixed version details"
+ ],
+ "candidate_count": 1,
+ "references": [
+ "https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530"
+ ]
+}
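Review bot: In mattermost.json the counts move to `"total": 21` and `"manual_count": 21` while the `items` list still opens with `"mattermost--Issue Identifier"`, which reads like the header row of the vendor's advisory table rather than an advisory. If that is what it is, the counts overstate real cases by one and a placeholder record sits next to the newly added `"mattermost--CVE-2026-22545"`. The parser should skip entries whose identifier does not match an advisory id pattern (the CVE and MMSA forms seen in this list) before counting them. Both hunks show only part of the JSON object, so the rest of the item list is not visible here.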
diff --git a/08-threat-intel/registry/triage/kibana--0fcd01159e.json b/08-threat-intel/registry/triage/kibana--0fcd01159e.json new file mode 100644 index 00000000..31f02ed1 --- /dev/null +++ b/08-threat-intel/registry/triage/kibana--0fcd01159e.json @@ -0,0 +1,12 @@ +{ + "canonical_id": "kibana--0fcd01159e", + "system_id": "kibana", + "title": "Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-11)", + "reasons": [ + "missing affected/fixed version details" + ], + "candidate_count": 1, + "references": [ + "https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533" + ] +} diff --git a/08-threat-intel/registry/triage/kibana--4bfdbe9da9.json b/08-threat-intel/registry/triage/kibana--4bfdbe9da9.json new file mode 100644 index 00000000..1d4b82b2 --- /dev/null +++ b/08-threat-intel/registry/triage/kibana--4bfdbe9da9.json @@ -0,0 +1,12 @@ +{ + "canonical_id": "kibana--4bfdbe9da9", + "system_id": "kibana", + "title": "Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06)", + "reasons": [ + "missing affected/fixed version details" + ], + "candidate_count": 1, + "references": [ + "https://discuss.elastic.co/t/logstash-8-19-10-9-1-10-9-2-4-security-update-esa-2026-06/385531" + ] +} diff --git a/08-threat-intel/registry/triage/kibana--4d0ef3a07b.json b/08-threat-intel/registry/triage/kibana--4d0ef3a07b.json new file mode 100644 index 00000000..862cfe19 --- /dev/null +++ b/08-threat-intel/registry/triage/kibana--4d0ef3a07b.json @@ -0,0 +1,12 @@ +{ + "canonical_id": "kibana--4d0ef3a07b", + "system_id": "kibana", + "title": "Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)", + "reasons": [ + "missing affected/fixed version details" + ], + "candidate_count": 1, + "references": [ + "https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532" + ] +} 
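Review bot: `kibana--0fcd01159e.json` files a Packetbeat advisory (ESA-2026-11) under `"system_id": "kibana"`, and the same happens for Logstash (`kibana--4bfdbe9da9`), Metricbeat (`kibana--4d0ef3a07b`) and Elasticsearch (`kibana--ca14c406d9`). Four of the six new triage records therefore concern other Elastic products, so the `triage_count` of 6 in kibana.json overstates Kibana's backlog, and anyone tracking those products will not find the advisories under their own name. The only recorded reason is `missing affected/fixed version details`. I would have the ingest step compare the product named in `title` with the system, and either route the record elsewhere or add a second reason such as `"title names a different product than system_id"` (wording is a suggestion).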
diff --git a/08-threat-intel/registry/triage/kibana--844efe5dac.json b/08-threat-intel/registry/triage/kibana--844efe5dac.json new file mode 100644 index 00000000..30fd6a25 --- /dev/null +++ b/08-threat-intel/registry/triage/kibana--844efe5dac.json @@ -0,0 +1,12 @@ +{ + "canonical_id": "kibana--844efe5dac", + "system_id": "kibana", + "title": "Kibana 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-20)", + "reasons": [ + "missing affected/fixed version details" + ], + "candidate_count": 1, + "references": [ + "https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535" + ] +} diff --git a/08-threat-intel/registry/triage/kibana--ca14c406d9.json b/08-threat-intel/registry/triage/kibana--ca14c406d9.json new file mode 100644 index 00000000..4eb3b3cb --- /dev/null +++ b/08-threat-intel/registry/triage/kibana--ca14c406d9.json @@ -0,0 +1,12 @@ +{ + "canonical_id": "kibana--ca14c406d9", + "system_id": "kibana", + "title": "Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)", + "reasons": [ + "missing affected/fixed version details" + ], + "candidate_count": 1, + "references": [ + "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-security-update-esa-2026-18/385534" + ] +} diff --git a/08-threat-intel/source-map.yaml b/08-threat-intel/source-map.yaml index f928e7e3..de9caf96 100644 --- a/08-threat-intel/source-map.yaml +++ b/08-threat-intel/source-map.yaml @@ -828,6 +828,9 @@ systems: advisory_mode: core keywords: [medusa] max_items: 50 + status: retired + retired_reason: OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost. + replacement_sources: [OSV Medusa] - name: OSV Medusa kind: osv-batch confidence: official 
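Review bot: `replacement_sources: [OSV Medusa]` links the retired entry to its successor by display name only, and nothing in this hunk shows that the name is checked against an existing, non-retired source. The retired entry's own `name` and `kind` lines sit above the hunk. The same pattern repeats in the hunks at -858, -899, -938, -979, -1018, -2024, -2054 and -2198, each handing coverage to an OSV source, while the monitor JSON in this commit records a TLS failure against `api.osv.dev` for OSV Symfony. Where no other active source remains for a system (not determinable from these hunks), an outage of that one endpoint would stop advisory intake for it without a visible gap. I would add a validation rule that every name in `replacement_sources` resolves to an active source, and record the fallback next to the entry, e.g. `# re-enable if OSV Medusa stays red for more than one run`.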
@@ -858,6 +861,9 @@ systems: advisory_mode: core keywords: [react] max_items: 50 + status: retired + retired_reason: OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost. + replacement_sources: [OSV React] - name: GHSA React kind: ghsa-global ecosystem: npm @@ -899,6 +905,9 @@ systems: advisory_mode: core keywords: [next.js, next] max_items: 50 + status: retired + retired_reason: OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost. + replacement_sources: [OSV Next.js] - name: GHSA Next.js kind: ghsa-global ecosystem: npm @@ -938,6 +947,9 @@ systems: advisory_mode: core keywords: [vue] max_items: 50 + status: retired + retired_reason: OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost. + replacement_sources: [OSV Vue] - name: GHSA Vue kind: ghsa-global ecosystem: npm @@ -979,6 +991,9 @@ systems: advisory_mode: core keywords: [nuxt] max_items: 50 + status: retired + retired_reason: OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost. + replacement_sources: [OSV Nuxt] - name: GHSA Nuxt kind: ghsa-global ecosystem: npm @@ -1018,6 +1033,9 @@ systems: advisory_mode: core keywords: [vite] max_items: 50 + status: retired + retired_reason: OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost. + replacement_sources: [OSV Vite] - name: GHSA Vite kind: ghsa-global ecosystem: npm 
@@ -2024,6 +2042,9 @@ systems: advisory_mode: server keywords: [caddy] max_items: 50 + status: retired + retired_reason: OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost. + replacement_sources: [OSV Caddy] - name: OSV Caddy kind: osv-batch confidence: official @@ -2054,6 +2075,9 @@ systems: advisory_mode: server keywords: [traefik] max_items: 50 + status: retired + retired_reason: OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost. + replacement_sources: [OSV Traefik] - name: OSV Traefik kind: osv-batch confidence: official @@ -2198,6 +2222,9 @@ systems: advisory_mode: core keywords: [gitea] max_items: 50 + status: retired + retired_reason: OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost. + replacement_sources: [OSV Gitea] - name: OSV Gitea kind: osv-batch confidence: official diff --git a/docs/testing-completeness-report.md b/docs/testing-completeness-report.md index 4b187048..77eda606 100644 --- a/docs/testing-completeness-report.md +++ b/docs/testing-completeness-report.md @@ -1,14 +1,14 @@ # 全库 Advisory 完整度报告 -- 生成时间: `2026-03-19T09:30:58+00:00` +- 生成时间: `2026-03-19T23:44:56+00:00` - 最新 advisory 完整度: `89/89` `verified-real` - 合成验证数量: `0` - 阻塞数量: `0` - 人工/待补证据数量: `0` - 完整度百分比: `100.0%` -- active source 全绿: `110/110` +- active source 全绿: `101/101` - source open alerts: `0` -- 最近一次 source 全绿: `2026-03-19T09:30:54+00:00` +- 最近一次 source 全绿: `2026-03-19T23:44:51+00:00` ## 系统覆盖矩阵 @@ -30,8 +30,8 @@ ## Ingest / Source 健康度 - source failures: `0` -- active sources: `110` -- green sources: `110` +- active sources: `101` +- green sources: `101` - open alerts: `0` ## 剩余风险说明