Update: 114 files - 2026-03-19 16:45:07

This commit is contained in:
hao
2026-03-19 16:45:07 -07:00
Parent 2e67bff9a7
Commit 49fe46ab89
114 files changed, 6388 additions and 1023 deletions

View file

@@ -28,16 +28,16 @@
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `6` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 25 Feb 2026 14:00:00 +0000` |
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Joomla | `cms` | `history-full` | `yes` | `yes` | `100` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-03T01:03:51.193` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `41` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `47` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `6` | `Thu, 19 Mar 2026 16:59:58 +0000` |
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-26T23:36:36.294040Z` |
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:15:34.333730Z` |
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `89` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-20T01:37:25.860` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `20` | `20` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `21` | `21` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `70` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `Wed, 22 Oct 2025 21:44:43 +0000` |
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-18T22:02:16.858114Z` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-19T18:48:06.587119Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` |
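Review bot: the last column mixes timestamp formats within one table: RFC 2822 (`Wed, 25 Feb 2026 14:00:00 +0000` for HAProxy, the new Kibana row, MediaWiki), ISO 8601 with and without a zone (`2025-04-03T01:03:51.193`, `2026-02-26T23:36:36.294040Z`), a bare date for Node.js (`2025-01-21`), empty strings for Jenkins and Medusa, and the literal `Fix Release Date` for both Mattermost rows, which reads like a column header from the upstream feed captured as a value. Normalize this field to one UTC ISO 8601 form at ingestion and null out non-date values; otherwise any freshness sort or staleness check over this column silently misorders rows.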

View file

@@ -1838,6 +1838,195 @@
"refs": []
}
},
"kibana--844efe5dac": {
"canonical_id": "kibana--844efe5dac",
"title": "Kibana 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-20)",
"summary": "<p><strong>Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service</strong></p>\n<p>Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.0.0 up to and including 8.19.12</li>\n<li>9.x:\n<ul>\n<li>All versions from 9.0.0 up to and including 9.2.6</li>\n<li>All versions from 9.3.0 up to and including 9.3.1</li>\n</ul>\n</li>\n</ul>\n<p><strong>Affected Configurations:</strong></p>\n<p>The Timelion visualization plugin (visTypeTimelion) is enabled by default in Kibana and is listed under \"Legacy editors\" in the documentation.</p>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.13, 9.2.7, 9.3.2.</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<p><strong>Self-hosted</strong><br>\nUsers can set this property in the Kibana config YAML file <code>vis_type_timelion.enabled: false</code></p>\n<p><strong>Cloud</strong><br>\nThere are no workaround</p>\n<p><strong>Indicators of Compromise (IOC)</strong></p>\n<p>Look for JavaScript heap out of memory or FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed errors in Kibana server logs, which indicate the Node.js process crashed due to memory exhaustion.</p>\n<p><strong>Elastic Cloud Serverless</strong></p>\n<p>Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.</p>\n<p><strong>Severity:</strong> CVSSv3.1: Medium ( 6.5 ) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H<br>\n<strong>CVE ID</strong>: 
CVE-2026-26940<br>\n<strong>Problem Type:</strong> CWE-1284 - Improper Validation of Specified Quantity in Input<br>\n<strong>Impact:</strong> CAPEC-130 - Excessive Allocation</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535\">Read full topic</a></p>",
"display_name": "Kibana",
"system_id": "kibana",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "Thu, 19 Mar 2026 16:59:58 +0000",
"updated_at": "Thu, 19 Mar 2026 16:59:58 +0000",
"official_source_url": "https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535",
"secondary_source_urls": [],
"aliases": [],
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary",
"plugin-extension-trust-policy",
"dependency-upgrade-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"kibana--ca14c406d9": {
"canonical_id": "kibana--ca14c406d9",
"title": "Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)",
"summary": "<p><strong>Deserialization of Untrusted Data in Elasticsearch Leading to Remote Code Execution</strong></p>\n<p>Dependency on Vulnerable Third-Party Component (CWE-1395) exists in PyTorch used by the machine learning model loading component in Elasticsearch that can allow an attacker to achieve remote code execution via Object Injection (CAPEC-586). Exploitation requires an attacker to have high-privileged access (the <code>machine_learning_admin</code> role) to upload and deploy a specially crafted, malicious model to the Elasticsearch cluster that triggers known vulnerabilities CVE-2025-32434.</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.0.0 up to and including 8.19.7</li>\n<li>9.x: All versions from 9.0.0 up to and including 9.1.7</li>\n<li>Versions 9.2.0+ were never affected</li>\n</ul>\n<p><strong>Affected Configurations:</strong></p>\n<p>The vulnerability affects Elasticsearch deployments that have ML nodes and where PyTorch-based NLP models can be uploaded and deployed.</p>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.8, 9.1.8.</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<p>Ensure that only trusted users are granted the machine_learning_admin role. Revoke this role from any users who do not have a legitimate need to upload or manage ML models.</p>\n<p>Disable ML entirely: If ML functionality is not required, set xpack.ml.enabled: false in elasticsearch.yml on all nodes. Note that this disables all ML features, not just PyTorch model loading.</p>\n<p>Only use models from trusted sources: As stated in the official Elastic documentation: \"PyTorch models can execute code on your Elasticsearch server, exposing your cluster to potential security vulnerabilities. 
Only use models from trusted sources and never use models from unverified or unknown providers.\"</p>\n<p><strong>Elastic Cloud Serverless</strong></p>\n<p>Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.</p>\n<p><strong>Severity:</strong> CVSSv3.1: High ( 7.2 ) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H<br>\n<strong>CVE ID</strong>: CVE-2025-32434<br>\n<strong>Problem Type:</strong> CWE-502 - Deserialization of Untrusted Data<br>\n<strong>Impact:</strong> CAPEC-586 - Object Injection</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-security-update-esa-2026-18/385534\">Read full topic</a></p>",
"display_name": "Kibana",
"system_id": "kibana",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "Thu, 19 Mar 2026 16:59:18 +0000",
"updated_at": "Thu, 19 Mar 2026 16:59:18 +0000",
"official_source_url": "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-security-update-esa-2026-18/385534",
"secondary_source_urls": [],
"aliases": [],
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary",
"file-upload-validation",
"dependency-upgrade-policy",
"deserialization-safety"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"kibana--0fcd01159e": {
"canonical_id": "kibana--0fcd01159e",
"title": "Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-11)",
"summary": "<p><strong>Improper Validation of Array Index in Packetbeat Leading to Denial of Service</strong></p>\n<p>Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.0.0 up to and including 8.19.10</li>\n<li>9.x: All versions from 9.0.0 up to and including 9.2.4</li>\n</ul>\n<p><strong>Affected Configurations:</strong><br>\nPacketbeat protocol parsing is enabled by default for configured protocols. Network traffic capture requires explicit configuration of network interfaces and protocols to monitor in packetbeat.yml. The vulnerable parsers are only active when their respective protocols are explicitly enabled in the configuration.</p>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.11, 9.2.5.</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<p>Network Segmentation: Ensure Packetbeat instances only monitor trusted network segments and implement network-level controls to prevent untrusted sources from sending traffic to monitored interfaces. 
This will reduce the likelihood of exploitation.</p>\n<p><strong>Indicators of Compromise (IOC)</strong></p>\n<ul>\n<li>Frequent panic/crash events in Packetbeat logs</li>\n<li>Error messages related to index out of range or slice bounds violations</li>\n<li>Repeated restarts of the Packetbeat process</li>\n</ul>\n<p><strong>Severity:</strong> CVSSv3.1: Medium ( 5.7 ) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H<br>\n<strong>CVE ID</strong>: CVE-2026-26933<br>\n<strong>Problem Type:</strong> CWE-129 - Improper Validation of Array Index<br>\n<strong>Impact:</strong> CAPEC-153 - Input Data Manipulation</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533\">Read full topic</a></p>",
"display_name": "Kibana",
"system_id": "kibana",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "Thu, 19 Mar 2026 16:56:17 +0000",
"updated_at": "Thu, 19 Mar 2026 16:56:17 +0000",
"official_source_url": "https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533",
"secondary_source_urls": [],
"aliases": [],
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"kibana--4d0ef3a07b": {
"canonical_id": "kibana--4d0ef3a07b",
"title": "Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)",
"summary": "<p><strong>Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service</strong></p>\n<p>Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.0.0 up to and including 8.19.12</li>\n<li>9.x: All versions from 9.0.0 up to and including 9.2.4</li>\n</ul>\n<p><strong>Affected Configurations:</strong><br>\nThe Prometheus <code>remote_write</code> module is not enabled by default in Metricbeat, so this issue only affects users who have enabled it.</p>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.13, 9.2.5 .</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<ol>\n<li>Disable the remote_write module if it is not required for operations:\n<ul>\n<li>Remove or comment out the Prometheus <code>remote_write</code> configuration block in <code>metricbeat.yml</code></li>\n<li>Restart Metricbeat to apply changes</li>\n</ul>\n</li>\n<li>Restrict network access using firewall rules or network policies:\n<ul>\n<li>Limit access to the <code>remote_write</code> endpoint to trusted Prometheus server IP addresses only</li>\n<li>Use host: \"localhost\" binding if the Prometheus server runs on the same host</li>\n</ul>\n</li>\n</ol>\n<p><strong>Indicators of Compromise (IOC)</strong></p>\n<p>Log Patterns:</p>\n<ul>\n<li>Metricbeat process termination with \u201cout of memory\" messages in system logs</li>\n<li>Repeated Metricbeat crashes or restarts when the Prometheus <code>remote_write</code> module is enabled</li>\n<li>OOM events in kernel logs <code>dmesg</code> or container orchestration logs targeting the Metricbeat process</li>\n</ul>\n<p>Audit Trail Indicators:</p>\n<ul>\n<li>Sudden memory consumption spikes in Metricbeat process metrics immediately preceding process 
termination</li>\n<li>Network connections from unexpected or unauthorized source IP addresses to the <code>remote_write</code> endpoint port</li>\n</ul>\n<p><strong>Severity:</strong> CVSSv3.1: Medium ( 5.7 ) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H<br>\n<strong>CVE ID</strong>: CVE-2026-26931<br>\n<strong>Problem Type:</strong> CWE-789 - Memory Allocation with Excessive Size Value<br>\n<strong>Impact:</strong> CAPEC-130 - Excessive Allocation</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532\">Read full topic</a></p>",
"display_name": "Kibana",
"system_id": "kibana",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "Thu, 19 Mar 2026 16:54:15 +0000",
"updated_at": "Thu, 19 Mar 2026 16:54:15 +0000",
"official_source_url": "https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532",
"secondary_source_urls": [],
"aliases": [],
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"kibana--4bfdbe9da9": {
"canonical_id": "kibana--4bfdbe9da9",
"title": "Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06)",
"summary": "<p><strong>Sensitive Information in Resource Not Removed Before Reuse in Logstash Leading to Access to Sensitive Information</strong></p>\n<p>Dependency on Vulnerable Third-Party Component (CWE-1395) exists in org.lz4:lz4-java decompression library used by logstash-integration-kafka plugin in Logstash that could allow an attacker to access sensitive information from previous buffer contents via Input Data Manipulation (CAPEC-153). Exploitation requires the attacker to produce specially crafted, malformed compressed input to a Kafka topic consumed by Logstash, causing the decompression process to expose residual data from reused output buffers that were not cleared between operations - CVE-2025-66566.</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.15.0 up to and including 8.19.9</li>\n<li>9.x:\n<ul>\n<li>All versions from 9.0.0 up to and including 9.1.9</li>\n<li>All versions from 9.2.0 up to and including 9.2.3</li>\n</ul>\n</li>\n</ul>\n<p><strong>Affected Configurations:</strong><br>\nThis vulnerability is limited to Logstash deployments that have the logstash-integration-kafka plugin configured to consume from a Kafka topic to which the attacker can publish messages. 
The attacker requires network access to the Kafka cluster and sufficient Kafka-level permissions (e.g., Kafka ACLs, if configured) to publish messages to the target topic.</p>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.10, 9.1.10, 9.2.4.</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<p>The attacker requires network access to the Kafka cluster and sufficient Kafka-level permissions (e.g., Kafka ACLs, if configured) to publish messages to the target topic.</p>\n<p>Manually update the logstash-integration-kafka plugin to version 11.8.1 or higher using: bin/logstash-plugin update logstash-integration-kafka</p>\n<p><strong>Severity:</strong> CVSSv3.1: Medium ( 5.9 ) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N<br>\n<strong>CVE ID</strong>: CVE-2025-66566<br>\n<strong>Problem Type:</strong> CWE-226 - Sensitive Information in Resource Not Removed Before Reuse<br>\n<strong>Impact:</strong> CAPEC-153 - Input Data Manipulation</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/logstash-8-19-10-9-1-10-9-2-4-security-update-esa-2026-06/385531\">Read full topic</a></p>",
"display_name": "Kibana",
"system_id": "kibana",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "Thu, 19 Mar 2026 16:53:51 +0000",
"updated_at": "Thu, 19 Mar 2026 16:53:51 +0000",
"official_source_url": "https://discuss.elastic.co/t/logstash-8-19-10-9-1-10-9-2-4-security-update-esa-2026-06/385531",
"secondary_source_urls": [],
"aliases": [],
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary",
"plugin-extension-trust-policy",
"dependency-upgrade-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"kibana--012933e759": {
"canonical_id": "kibana--012933e759",
"title": "Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)",
"summary": "<p><strong>Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration</strong></p>\n<p>Missing Authorization (CWE-862) in Kibana\u2019s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.0.0 up to and including 8.19.11</li>\n<li>9.x:\n<ul>\n<li>All versions from 9.0.0 up to and including 9.2.5</li>\n<li>Version 9.3.0</li>\n</ul>\n</li>\n</ul>\n<p><strong>Affected Configurations:</strong></p>\n<ul>\n<li>Automated response actions require the appropriate Elastic Stack subscription or Serverless project feature tier, and hosts must have Elastic Agent installed with the Elastic Defend integration.</li>\n<li>Automated response actions are not enabled by default on detection rules. A user must explicitly configure them. However, the Elastic Defend feature privileges (Host Isolation, Process Operations) are set to None by default for new roles, meaning most users should not have these privileges unless explicitly granted. The vulnerability allows users without these privileges to bypass the restriction.</li>\n<li>The Update API is only vulnerable when response actions are being added to an existing rule that does not already have any response actions. If the rule already contains response actions, the existing authorization logic was applied.</li>\n</ul>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.12, 9.2.6, 9.3.1.</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<p>Update to the patched version as soon as possible. 
In the interim, restrict detection rule management privileges to users who are also authorized for endpoint response actions. Review existing rules for any unauthorized response action configurations that may have been added.</p>\n<p><strong>Indicators of Compromise (IOC)</strong></p>\n<p>Audit all detection rules for response_actions configurations containing <code>.endpoint</code> action types (isolate, kill-process, suspend-process) that may have been added by unauthorized users.</p>\n<p><strong>Elastic Cloud Serverless</strong></p>\n<p>Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.</p>\n<p><strong>Severity:</strong> CVSSv3.1: Medium ( 6.5 ) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N<br>\n<strong>CVE ID</strong>: CVE-2026-26939<br>\n<strong>Problem Type:</strong> CWE-862 - Missing Authorization<br>\n<strong>Impact:</strong> Accessing Functionality Not Properly Constrained by ACLs - CAPEC-1</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530\">Read full topic</a></p>",
"display_name": "Kibana",
"system_id": "kibana",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "Thu, 19 Mar 2026 16:51:08 +0000",
"updated_at": "Thu, 19 Mar 2026 16:51:08 +0000",
"official_source_url": "https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530",
"secondary_source_urls": [],
"aliases": [],
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary",
"dependency-upgrade-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"haproxy--3164dd5e31": {
"canonical_id": "haproxy--3164dd5e31",
"title": "Don't panic: a low-risk strategy for Ingress NGINX retirement",
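Review bot: four of the six Elastic records in this hunk are attributed to the wrong system: `kibana--ca14c406d9` is the Elasticsearch advisory (ESA-2026-18), `kibana--0fcd01159e` Packetbeat (ESA-2026-11), `kibana--4d0ef3a07b` Metricbeat (ESA-2026-09) and `kibana--4bfdbe9da9` Logstash (ESA-2026-06), yet all carry `"display_name": "Kibana"` and `"system_id": "kibana"`, so a consumer filtering by system will miss them and over-report Kibana. The discuss.elastic.co feed appears to be mapped to a single system; key the mapping on the product named in the title instead. Two secondary points on the same records: `cvss_score` is `null` and `severity` is `"unknown"` although every summary states a CVSSv3.1 score and vector (e.g. `High ( 7.2 )` for ESA-2026-18), and `aliases` is `[]` although every summary names its CVE (CVE-2026-26940, CVE-2025-32434, CVE-2026-26933, CVE-2026-26931, CVE-2025-66566, CVE-2026-26939); parse both from the summary so these records can be deduplicated against the NVD-sourced ones.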
@@ -2698,6 +2887,237 @@
"refs": []
}
},
"mattermost--CVE-2026-22545": {
"canonical_id": "mattermost--CVE-2026-22545",
"title": "Mattermost fails to validate user's authentication method when processing account auth type switch",
"summary": "Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID: MMSA-2026-00583",
"display_name": "Mattermost",
"system_id": "mattermost",
"category": "platforms",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-16T15:30:47Z",
"updated_at": "2026-03-19T19:31:20.982512Z",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22545",
"secondary_source_urls": [
"https://github.com/mattermost/mattermost/commit/ced9a56e3988fe9fd4559d45f9971dbd562e2218",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-22545",
"GHSA-rv67-7w2g-7976"
],
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2026-27979": {
"canonical_id": "nextjs--CVE-2026-27979",
"title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
"summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T16:16:49Z",
"updated_at": "2026-03-19T18:48:06.587119Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-27979",
"https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-27979",
"GHSA-h27x-g6w4-24gq"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2026-27980": {
"canonical_id": "nextjs--CVE-2026-27980",
"title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
"summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. Note that this does not impact platforms that have their own image optimization capabilities, such as Vercel.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T16:17:06Z",
"updated_at": "2026-03-19T18:47:09.413134Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-27980",
"https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-27980",
"GHSA-3x4c-7xq6-9pq8"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2026-27977": {
"canonical_id": "nextjs--CVE-2026-27977",
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
"summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T15:29:48Z",
"updated_at": "2026-03-19T18:32:38.608475Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-27977",
"https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-27977",
"GHSA-jcc7-9wpm-mj36"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2026-27978": {
"canonical_id": "nextjs--CVE-2026-27978",
"title": "Next.js: null origin can bypass Server Actions CSRF checks",
"summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T15:30:14Z",
"updated_at": "2026-03-19T18:31:23.523529Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-27978",
"https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-27978",
"GHSA-mq59-m269-xvcx"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2026-29057": {
"canonical_id": "nextjs--CVE-2026-29057",
"title": "Next.js: HTTP request smuggling in rewrites",
"summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T16:17:15Z",
"updated_at": "2026-03-19T17:59:01.302251Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-29057",
"https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v15.5.13",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-29057",
"GHSA-ggv3-7p47-pfv8"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"request-smuggling-boundary",
"dependency-upgrade-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"undici--CVE-2026-2581": {
"canonical_id": "undici--CVE-2026-2581",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
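Review bot: the three Next.js records in this hunk (nextjs--CVE-2026-27977, -27978 and -29057) share an identical severity "medium", cvss_score 4.0 and the same generic secure_code_topics triple (authz-server-side-recheck, proxy-trust-boundary, token-cookie-storage), although two are `Origin: null` origin-validation/CSRF issues and only the smuggling record gets class-specific topics (request-smuggling-boundary, dependency-upgrade-policy). Confirm the 4.0 score is taken from the advisory source listed in secondary_source_urls rather than a triage default, and tag the two CSRF records with an origin-validation/CSRF topic so topic-based filtering does not miss them.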
@@ -2929,47 +3349,6 @@
"refs": []
}
},
"nextjs--CVE-2026-29057": {
"canonical_id": "nextjs--CVE-2026-29057",
"title": "Next.js: HTTP request smuggling in rewrites",
"summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T16:17:15Z",
"updated_at": "2026-03-18T22:02:16.858114Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-29057",
"https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v15.5.13",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-29057",
"GHSA-ggv3-7p47-pfv8"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"request-smuggling-boundary",
"dependency-upgrade-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"traefik--CVE-2026-29777": {
"canonical_id": "traefik--CVE-2026-29777",
"title": "Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values",
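Review bot: the block removed here is a second "nextjs--CVE-2026-29057" key inside the same JSON object, differing from the retained record earlier in the file only in updated_at (2026-03-18T22:02:16 vs 2026-03-19T17:59:01) and in lacking the NVD URL in secondary_source_urls. Dropping the duplicate key is the right fix, since a JSON parser keeps one of the two silently, but the validation step that reports "passed": true should also reject duplicate canonical_id keys so a re-ingest cannot reintroduce the same condition.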
@@ -4720,154 +5099,6 @@
"refs": []
}
},
"nextjs--CVE-2026-27979": {
"canonical_id": "nextjs--CVE-2026-27979",
"title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
"summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T16:16:49Z",
"updated_at": "2026-03-17T16:31:34.160932Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq",
"secondary_source_urls": [
"https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-27979",
"GHSA-h27x-g6w4-24gq"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2026-27980": {
"canonical_id": "nextjs--CVE-2026-27980",
"title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
"summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T16:17:06Z",
"updated_at": "2026-03-17T16:31:33.597080Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
"secondary_source_urls": [
"https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-27980",
"GHSA-3x4c-7xq6-9pq8"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2026-27978": {
"canonical_id": "nextjs--CVE-2026-27978",
"title": "Next.js: null origin can bypass Server Actions CSRF checks",
"summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T15:30:14Z",
"updated_at": "2026-03-17T15:46:43.484729Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx",
"secondary_source_urls": [
"https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-27978",
"GHSA-mq59-m269-xvcx"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2026-27977": {
"canonical_id": "nextjs--CVE-2026-27977",
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
"summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T15:29:48Z",
"updated_at": "2026-03-17T15:46:26.028580Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36",
"secondary_source_urls": [
"https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-27977",
"GHSA-jcc7-9wpm-mj36"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"angular--CVE-2026-32635": {
"canonical_id": "angular--CVE-2026-32635",
"title": "Angular vulnerable to XSS in i18n attribute bindings",
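Review bot: this hunk removes four records (nextjs--CVE-2026-27979, -27980, -27978 and -27977), but only -27978 and -27977 reappear, with newer updated_at values and an added NVD URL, in the earlier hunk of this file; the re-added -27979 and -27980 records are not visible in this excerpt. Please confirm they were re-inserted earlier in the file rather than dropped. The README row for Next.js keeps its count at 66 and its latest timestamp, 2026-03-19T18:48:06, is later than any updated_at shown in these hunks, which suggests they were, but the diff does not prove it.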


@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-19T09:30:58+00:00",
"generated_at": "2026-03-19T23:44:56+00:00",
"title": "\u5f53\u524d\u67b6\u6784\u5e93",
"summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
"sections": [
@@ -31,7 +31,7 @@
},
{
"label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
"value": "2392"
"value": "2399"
}
],
"fields": [
@@ -49,7 +49,7 @@
},
{
"label": "\u751f\u6210\u65f6\u95f4",
"value": "2026-03-19T09:30:58+00:00"
"value": "2026-03-19T23:44:56+00:00"
}
],
"links": [
@@ -5887,7 +5887,7 @@
},
{
"label": "Advisory \u6570",
"value": "2392"
"value": "2399"
},
{
"label": "\u72b6\u6001\u7c7b\u578b",
@@ -5906,7 +5906,7 @@
"items": [
{
"title": "\u4eba\u5de5\u5206\u8bca",
"summary": "\u5f53\u524d\u7d2f\u8ba1 2303 \u6761\u3002",
"summary": "\u5f53\u524d\u7d2f\u8ba1 2310 \u6761\u3002",
"open": false,
"fields": [
{
@@ -5915,7 +5915,7 @@
},
{
"label": "\u6570\u91cf",
"value": "2303"
"value": "2310"
}
]
},
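Review bot: the manual-triage count is embedded twice in this file, once inside the summary string "当前累计 2310 条。" and once as the field value "2310", and both move 2303 to 2310 (+7), matching new_count 7 in the summary file. Keep the number in the field only and render the summary from it, or add a validation that the two agree, so a partial regeneration cannot leave them out of step; storing the count as a string rather than a number also forces every consumer to parse it.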


@@ -1,7 +1,7 @@
{
"generated_at": "2026-03-19T09:30:58+00:00",
"generated_at": "2026-03-19T23:44:56+00:00",
"advisory_total": 89,
"registry_advisory_total": 2392,
"registry_advisory_total": 2399,
"scope": "latest-run-backed-advisories",
"latest_statuses": {
"verified-real": 89
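Review bot: registry_advisory_total moves 2392 to 2399 while advisory_total and latest_statuses.verified-real stay at 89. That is only consistent with scope "latest-run-backed-advisories" if the seven newly ingested records are excluded from this run's verified set, which agrees with the "verification_mode": "synthetic" / "verification_status": "triage-manual" fields on the Next.js records in this commit; a short note on the scope field explaining that the two totals diverge by design would save the next reader the same check.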
@@ -172,31 +172,35 @@
"failures": []
},
"source_health": {
"active_source_count": 110,
"green_source_count": 110,
"active_source_count": 101,
"green_source_count": 101,
"failure_count": 0,
"last_fully_green_run": "2026-03-19T09:30:54+00:00",
"last_fully_green_run": "2026-03-19T23:44:51+00:00",
"open_alert_count": 0,
"resolved_alert_count": 4
},
"monitor_summary": {
"generated_at": "2026-03-19T09:30:54+00:00",
"active_source_count": 110,
"green_source_count": 110,
"generated_at": "2026-03-19T23:44:51+00:00",
"active_source_count": 101,
"green_source_count": 101,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 4,
"last_fully_green_run": "2026-03-19T09:30:54+00:00",
"last_fully_green_run": "2026-03-19T23:44:51+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 179,
"retired_source_count": 69
"retired_source_count": 78
},
"ingest": {
"new_count": 0,
"updated_count": 0,
"new_count": 7,
"updated_count": 5,
"failure_count": 0,
"systems_touched": []
"systems_touched": [
"kibana",
"mattermost",
"nextjs"
]
},
"validation": {
"passed": true,
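Review bot: retired_source_count rises 69 to 78 (+9) and active_source_count drops 110 to 101 while source_count stays 179, which reconciles (101 + 78 = 179) with the nine retired html-links entries added in the catalog file. The monitor_summary block repeats active_source_count, green_source_count and last_fully_green_run from source_health verbatim; if both are always written from the same run, reference one from the other to avoid drift. The ingest block (systems_touched kibana, mattermost, nextjs; new_count 7; updated_count 5) matches the README rows in this commit (Kibana 41 to 47, Mattermost 20 to 21, Next.js count unchanged with a newer timestamp).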


@@ -1,21 +1,25 @@
{
"generated_at": "2026-03-19T09:30:54+00:00",
"active_source_count": 110,
"green_source_count": 110,
"generated_at": "2026-03-19T23:44:51+00:00",
"active_source_count": 101,
"green_source_count": 101,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 4,
"last_fully_green_run": "2026-03-19T09:30:54+00:00",
"last_fully_green_run": "2026-03-19T23:44:51+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 179,
"retired_source_count": 69
"retired_source_count": 78
},
"ingest": {
"new_count": 0,
"updated_count": 0,
"new_count": 7,
"updated_count": 5,
"failure_count": 0,
"systems_touched": []
"systems_touched": [
"kibana",
"mattermost",
"nextjs"
]
},
"validation": {
"passed": true,


@@ -1,9 +1,9 @@
{
"generated_at": "2026-03-19T09:30:54+00:00",
"generated_at": "2026-03-19T23:44:51+00:00",
"system_count": 62,
"source_count": 179,
"active_source_count": 110,
"retired_source_count": 69,
"active_source_count": 101,
"retired_source_count": 78,
"systems_with_active_official": 61,
"systems_with_machine_readable_source": 61,
"systems": [
@@ -118,9 +118,9 @@
"category": "servers",
"tier": "rolling-24m",
"source_total": 2,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
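Review bot: this and the following per-system hunks drop active_source_total and official_active from 2 to 1 (or 2 to 1 with retired 1 to 2 for the history-full frameworks) while machine_readable_active stays 1, which is the expected shape when an html-links source is retired in favour of its OSV feed; the header hunk keeps systems_with_active_official at 61, so no system lost its only official source. The hunk context omits system_id, so mapping these nine hunks to the nine catalog entries (caddy, gitea, medusa, nextjs, nuxt, react, traefik, vite, vue) has to be done by hand; regenerate the diff with wider context or sort the retired list to make that check mechanical.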
@@ -298,9 +298,9 @@
"category": "platforms",
"tier": "rolling-24m",
"source_total": 2,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -493,9 +493,9 @@
"category": "ecommerce",
"tier": "rolling-24m",
"source_total": 2,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -538,9 +538,9 @@
"category": "frameworks",
"tier": "history-full",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -583,9 +583,9 @@
"category": "frameworks",
"tier": "history-full",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -673,9 +673,9 @@
"category": "frameworks",
"tier": "history-full",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -823,9 +823,9 @@
"category": "servers",
"tier": "rolling-24m",
"source_total": 2,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -853,9 +853,9 @@
"category": "frameworks",
"tier": "history-full",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -868,9 +868,9 @@
"category": "frameworks",
"tier": "history-full",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -1065,6 +1065,18 @@
],
"url": ""
},
{
"system_id": "caddy",
"display_name": "Caddy",
"source_name": "GitHub Caddy Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Caddy"
],
"url": "https://github.com/caddyserver/caddy/security/advisories"
},
{
"system_id": "discourse",
"display_name": "Discourse",
@@ -1202,6 +1214,18 @@
],
"url": ""
},
{
"system_id": "gitea",
"display_name": "Gitea",
"source_name": "GitHub Gitea Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Gitea"
],
"url": "https://github.com/go-gitea/gitea/security/advisories"
},
{
"system_id": "gitlab-ce",
"display_name": "GitLab CE",
@@ -1414,6 +1438,18 @@
],
"url": ""
},
{
"system_id": "medusa",
"display_name": "Medusa",
"source_name": "GitHub Medusa Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Medusa"
],
"url": "https://github.com/medusajs/medusa/security/advisories"
},
{
"system_id": "moodle",
"display_name": "Moodle",
@@ -1475,6 +1511,18 @@
],
"url": ""
},
{
"system_id": "nextjs",
"display_name": "Next.js",
"source_name": "GitHub Next.js Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Next.js"
],
"url": "https://github.com/vercel/next.js/security/advisories"
},
{
"system_id": "nginx",
"display_name": "Nginx",
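Review bot: retiring "GitHub Next.js Advisories" (html-links) in favour of OSV Next.js while the Next.js records added earlier in this commit still set official_source_url to github.com/vercel/next.js/security/advisories/GHSA-... and artifact_mode "official-source". That is fine if the GHSA URL is taken from the OSV record's references, but the retired_reason should say so, and a validation that official_source_url stays non-empty for records ingested after the retirement would catch the regression if it is not.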
@@ -1501,6 +1549,18 @@
],
"url": ""
},
{
"system_id": "nuxt",
"display_name": "Nuxt",
"source_name": "Nuxt Security",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Nuxt"
],
"url": "https://github.com/nuxt/nuxt/security/advisories"
},
{
"system_id": "opencart",
"display_name": "OpenCart",
@@ -1591,6 +1651,18 @@
],
"url": ""
},
{
"system_id": "react",
"display_name": "React",
"source_name": "GitHub React Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV React"
],
"url": "https://github.com/facebook/react/security/advisories"
},
{
"system_id": "redmine",
"display_name": "Redmine",
@@ -1692,6 +1764,18 @@
],
"url": ""
},
{
"system_id": "traefik",
"display_name": "Traefik",
"source_name": "GitHub Traefik Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Traefik"
],
"url": "https://github.com/traefik/traefik/security/advisories"
},
{
"system_id": "undici",
"display_name": "Undici",
@@ -1729,6 +1813,18 @@
],
"url": ""
},
{
"system_id": "vite",
"display_name": "Vite",
"source_name": "Vite Security",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Vite"
],
"url": "https://github.com/vitejs/vite/security/advisories"
},
{
"system_id": "vue",
"display_name": "Vue",
@@ -1742,6 +1838,18 @@
],
"url": ""
},
{
"system_id": "vue",
"display_name": "Vue",
"source_name": "Vue Security",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Vue"
],
"url": "https://github.com/vuejs/core/security"
},
{
"system_id": "webpack",
"display_name": "webpack",
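Review bot: this adds a second retired entry for system_id "vue" ("Vue Security", url https://github.com/vuejs/core/security) directly after the existing vue entry shown in context, with a retired_reason copied from the "GitHub ... Advisories" template; the same template wording is used for "Nuxt Security" and "Vite Security" above. The Vue url is the repository security overview rather than an advisories listing, so double-check that the source_name matches what was actually scraped, and that the Vue system's source_total 3 / retired 2 in the per-system hunks corresponds to these two retired entries.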
@@ -1884,6 +1992,13 @@
"OSV Astro"
]
},
{
"system_id": "caddy",
"retired_source": "GitHub Caddy Advisories",
"replacement_sources": [
"OSV Caddy"
]
},
{
"system_id": "discourse",
"retired_source": "Discourse Meta Security",
@@ -1966,6 +2081,13 @@
"OSV Ghost"
]
},
{
"system_id": "gitea",
"retired_source": "GitHub Gitea Advisories",
"replacement_sources": [
"OSV Gitea"
]
},
{
"system_id": "gitlab-ce",
"retired_source": "GitLab Security Releases",
@@ -2093,6 +2215,13 @@
"OSV MediaWiki"
]
},
{
"system_id": "medusa",
"retired_source": "GitHub Medusa Advisories",
"replacement_sources": [
"OSV Medusa"
]
},
{
"system_id": "moodle",
"retired_source": "Moodle Security News",
@@ -2129,6 +2258,13 @@
"OSV Next.js"
]
},
{
"system_id": "nextjs",
"retired_source": "GitHub Next.js Advisories",
"replacement_sources": [
"OSV Next.js"
]
},
{
"system_id": "nginx",
"retired_source": "NVD NGINX",
@@ -2145,6 +2281,13 @@
"OSV Nuxt"
]
},
{
"system_id": "nuxt",
"retired_source": "Nuxt Security",
"replacement_sources": [
"OSV Nuxt"
]
},
{
"system_id": "opencart",
"retired_source": "NVD OpenCart",
@@ -2200,6 +2343,13 @@
"OSV React"
]
},
{
"system_id": "react",
"retired_source": "GitHub React Advisories",
"replacement_sources": [
"OSV React"
]
},
{
"system_id": "redmine",
"retired_source": "NVD Redmine",
@@ -2261,6 +2411,13 @@
"OSV Symfony"
]
},
{
"system_id": "traefik",
"retired_source": "GitHub Traefik Advisories",
"replacement_sources": [
"OSV Traefik"
]
},
{
"system_id": "undici",
"retired_source": "GitHub Global Advisories",
@@ -2283,6 +2440,13 @@
"OSV Vite"
]
},
{
"system_id": "vite",
"retired_source": "Vite Security",
"replacement_sources": [
"OSV Vite"
]
},
{
"system_id": "vue",
"retired_source": "GitHub Global Advisories",
@@ -2291,6 +2455,13 @@
"OSV Vue"
]
},
{
"system_id": "vue",
"retired_source": "Vue Security",
"replacement_sources": [
"OSV Vue"
]
},
{
"system_id": "webpack",
"retired_source": "GitHub Global Advisories",


@@ -87,7 +87,7 @@
<h1>当前架构库镜像</h1>
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
<pre>{
&quot;generated_at&quot;: &quot;2026-03-19T09:30:58+00:00&quot;,
&quot;generated_at&quot;: &quot;2026-03-19T23:44:56+00:00&quot;,
&quot;title&quot;: &quot;当前架构库&quot;,
&quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;,
&quot;sections&quot;: [
@@ -119,7 +119,7 @@
},
{
&quot;label&quot;: &quot;当前漏洞条目&quot;,
&quot;value&quot;: &quot;2392&quot;
&quot;value&quot;: &quot;2399&quot;
}
],
&quot;fields&quot;: [
@@ -137,7 +137,7 @@
},
{
&quot;label&quot;: &quot;生成时间&quot;,
&quot;value&quot;: &quot;2026-03-19T09:30:58+00:00&quot;
&quot;value&quot;: &quot;2026-03-19T23:44:56+00:00&quot;
}
],
&quot;links&quot;: [
@@ -5975,7 +5975,7 @@
},
{
&quot;label&quot;: &quot;Advisory 数&quot;,
&quot;value&quot;: &quot;2392&quot;
&quot;value&quot;: &quot;2399&quot;
},
{
&quot;label&quot;: &quot;状态类型&quot;,
@@ -5994,7 +5994,7 @@
&quot;items&quot;: [
{
&quot;title&quot;: &quot;人工分诊&quot;,
&quot;summary&quot;: &quot;当前累计 2303 条。&quot;,
&quot;summary&quot;: &quot;当前累计 2310 条。&quot;,
&quot;open&quot;: false,
&quot;fields&quot;: [
{
@@ -6003,7 +6003,7 @@
},
{
&quot;label&quot;: &quot;数量&quot;,
&quot;value&quot;: &quot;2303&quot;
&quot;value&quot;: &quot;2310&quot;
}
]
},


@@ -116,16 +116,16 @@
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `6` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 25 Feb 2026 14:00:00 +0000` |
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Joomla | `cms` | `history-full` | `yes` | `yes` | `100` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-03T01:03:51.193` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `41` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `47` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `6` | `Thu, 19 Mar 2026 16:59:58 +0000` |
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-26T23:36:36.294040Z` |
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:15:34.333730Z` |
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `89` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-20T01:37:25.860` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `20` | `20` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `21` | `21` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `70` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `Wed, 22 Oct 2025 21:44:43 +0000` |
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-18T22:02:16.858114Z` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-19T18:48:06.587119Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` |
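Review bot: The `latest_update` column mixes formats in the rows this commit touches: the new Kibana row carries an RFC 2822 string (`Thu, 19 Mar 2026 16:59:58 +0000`) while the Next.js row uses ISO 8601, and both Mattermost rows still hold the literal `Fix Release Date`, which reads like a scraped table header rather than a timestamp. Normalise the value to ISO 8601 in the collector and reject strings that do not parse as a date, otherwise the column cannot be compared or sorted reliably across systems.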

View file

@@ -213,6 +213,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;caddy&quot;,
&quot;display_name&quot;: &quot;Caddy&quot;,
&quot;source_name&quot;: &quot;GitHub Caddy Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Caddy&quot;
],
&quot;url&quot;: &quot;https://github.com/caddyserver/caddy/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;discourse&quot;,
&quot;display_name&quot;: &quot;Discourse&quot;,
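Review bot: This rendered catalog entry duplicates, character for character, the `retired_reason` and `replacement_sources` that the same commit also adds to the YAML source config and to the plain JSON catalog further down. If the HTML and JSON mirrors are generated from the YAML, the commit should carry the YAML change plus regenerated output; if they are hand-edited, a future change to the reason text will drift between the three copies, so a single generation step is worth adding.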
@@ -350,6 +362,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;gitea&quot;,
&quot;display_name&quot;: &quot;Gitea&quot;,
&quot;source_name&quot;: &quot;GitHub Gitea Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Gitea&quot;
],
&quot;url&quot;: &quot;https://github.com/go-gitea/gitea/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;gitlab-ce&quot;,
&quot;display_name&quot;: &quot;GitLab CE&quot;,
@@ -562,6 +586,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;medusa&quot;,
&quot;display_name&quot;: &quot;Medusa&quot;,
&quot;source_name&quot;: &quot;GitHub Medusa Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Medusa&quot;
],
&quot;url&quot;: &quot;https://github.com/medusajs/medusa/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;moodle&quot;,
&quot;display_name&quot;: &quot;Moodle&quot;,
@@ -623,6 +659,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;nextjs&quot;,
&quot;display_name&quot;: &quot;Next.js&quot;,
&quot;source_name&quot;: &quot;GitHub Next.js Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Next.js&quot;
],
&quot;url&quot;: &quot;https://github.com/vercel/next.js/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;nginx&quot;,
&quot;display_name&quot;: &quot;Nginx&quot;,
@@ -649,6 +697,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;nuxt&quot;,
&quot;display_name&quot;: &quot;Nuxt&quot;,
&quot;source_name&quot;: &quot;Nuxt Security&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Nuxt&quot;
],
&quot;url&quot;: &quot;https://github.com/nuxt/nuxt/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;opencart&quot;,
&quot;display_name&quot;: &quot;OpenCart&quot;,
@@ -739,6 +799,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;react&quot;,
&quot;display_name&quot;: &quot;React&quot;,
&quot;source_name&quot;: &quot;GitHub React Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV React&quot;
],
&quot;url&quot;: &quot;https://github.com/facebook/react/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;redmine&quot;,
&quot;display_name&quot;: &quot;Redmine&quot;,
@@ -840,6 +912,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;traefik&quot;,
&quot;display_name&quot;: &quot;Traefik&quot;,
&quot;source_name&quot;: &quot;GitHub Traefik Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Traefik&quot;
],
&quot;url&quot;: &quot;https://github.com/traefik/traefik/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;undici&quot;,
&quot;display_name&quot;: &quot;Undici&quot;,
@@ -877,6 +961,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;vite&quot;,
&quot;display_name&quot;: &quot;Vite&quot;,
&quot;source_name&quot;: &quot;Vite Security&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Vite&quot;
],
&quot;url&quot;: &quot;https://github.com/vitejs/vite/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;vue&quot;,
&quot;display_name&quot;: &quot;Vue&quot;,
@@ -890,6 +986,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;vue&quot;,
&quot;display_name&quot;: &quot;Vue&quot;,
&quot;source_name&quot;: &quot;Vue Security&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Vue&quot;
],
&quot;url&quot;: &quot;https://github.com/vuejs/core/security&quot;
},
{
&quot;system_id&quot;: &quot;webpack&quot;,
&quot;display_name&quot;: &quot;webpack&quot;,
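Review bot: The `url` for the retired Vue entry ends in `/security` while every other retired entry in this file points at `/security/advisories`. The source is retired, so nothing fetches it today, but if it is ever reactivated the collector would scrape the repository security landing page instead of the advisory list; align the URL now while the entry is being touched.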

View file

@@ -88,11 +88,11 @@
<div class="meta">工作台内置镜像页active/retired source、replacement map 与覆盖摘要。</div>
<pre># Source Catalog Audit
- generated_at: `2026-03-19T09:30:54+00:00`
- generated_at: `2026-03-19T23:44:51+00:00`
- systems: `62`
- sources: `179`
- active_sources: `110`
- retired_sources: `69`
- active_sources: `101`
- retired_sources: `78`
- systems_with_active_official: `61/62`
- systems_with_machine_readable_source: `61/62`
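Review bot: The count change (active 110 to 101, retired 69 to 78, sources unchanged at 179) reconciles with the nine retirement entries added in this commit (caddy, gitea, medusa, nextjs, nuxt, react, traefik, vite, vue). `systems_with_machine_readable_source` staying at 61/62 is the check that each retired HTML source already had an active OSV counterpart; it would be useful to have the audit fail rather than silently drop that figure if a retirement ever removes a system's last machine-readable source.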
@@ -108,6 +108,7 @@
- `apache-tomcat` `NVD Tomcat` -&gt; replacements: `Apache Tomcat Security, CISA KEV Tomcat` | reason: Official Tomcat advisories page plus CISA KEV are sufficient active sources for daily monitoring.
- `aspnet-core` `NVD ASP.NET Core` -&gt; replacements: `OSV ASP.NET Core` | reason: OSV ASP.NET Core provides machine-readable NuGet-aligned coverage with lower latency than NVD public search.
- `astro` `GitHub Global Advisories` -&gt; replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
- `caddy` `GitHub Caddy Advisories` -&gt; replacements: `OSV Caddy` | reason: OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `discourse` `Discourse Meta Security` -&gt; replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
- `discourse` `GitHub Discourse Advisories` -&gt; replacements: `Discourse Release Notes RSS, Discourse Security RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
- `django` `Django Security RSS` -&gt; replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
@@ -119,6 +120,7 @@
- `fastify` `GitHub Global Advisories` -&gt; replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
- `flask` `GitHub Global Advisories` -&gt; replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
- `ghost` `NVD Ghost` -&gt; replacements: `Ghost GitHub Advisories, OSV Ghost` | reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
- `gitea` `GitHub Gitea Advisories` -&gt; replacements: `OSV Gitea` | reason: OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `gitlab-ce` `GitLab Security Releases` -&gt; replacements: `GitLab Security Releases Atom` | reason: GitLab Security Releases Atom is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.
- `gitlab-ce` `NVD GitLab` -&gt; replacements: `GitLab Security Releases, GitLab Security Releases Atom` | reason: GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.
- `hapi` `GitHub Global Advisories` -&gt; replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
@@ -136,13 +138,16 @@
- `mattermost` `NVD Mattermost` -&gt; replacements: `Mattermost Security Updates JSON, OSV Mattermost` | reason: Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.
- `mediawiki` `MediaWiki Security Releases` -&gt; replacements: `MediaWiki Announce RSS, NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
- `mediawiki` `NVD MediaWiki` -&gt; replacements: `MediaWiki Announce RSS, OSV MediaWiki` | reason: MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.
- `medusa` `GitHub Medusa Advisories` -&gt; replacements: `OSV Medusa` | reason: OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `moodle` `Moodle Security News` -&gt; replacements: `NVD Moodle` | reason: Security page is reachable with a browser-style UA, but the current markup only exposes generic &quot;Discuss this topic&quot; anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.
- `moodle` `NVD Moodle` -&gt; replacements: `OSV Moodle` | reason: OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.
- `nestjs` `GitHub Global Advisories` -&gt; replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
- `nestjs` `NVD NestJS` -&gt; replacements: `OSV NestJS` | reason: OSV NestJS replaces NVD public search for lower-latency machine-readable collection.
- `nextjs` `GitHub Global Advisories` -&gt; replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
- `nextjs` `GitHub Next.js Advisories` -&gt; replacements: `OSV Next.js` | reason: OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `nginx` `NVD NGINX` -&gt; replacements: `NGINX Security Advisories, CISA KEV NGINX` | reason: Official NGINX advisories page and CISA KEV together provide the needed daily signal without NVD public-search latency.
- `nuxt` `GitHub Global Advisories` -&gt; replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
- `nuxt` `Nuxt Security` -&gt; replacements: `OSV Nuxt` | reason: OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `opencart` `NVD OpenCart` -&gt; replacements: `OpenCart Releases, OSV OpenCart` | reason: OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.
- `openmage` `NVD OpenMage` -&gt; replacements: `OpenMage GitHub Advisories, OSV OpenMage` | reason: OSV OpenMage replaces NVD for machine-readable composer-aligned collection.
- `phpmyadmin` `NVD phpMyAdmin` -&gt; replacements: `phpMyAdmin Security Page, OSV phpMyAdmin` | reason: OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.
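Review bot: The retirement lines for `nextjs` and `nuxt` leave a stale replacement chain: the earlier `GitHub Global Advisories` retirement still lists `GitHub Next.js Advisories` and `Nuxt Security` as replacements, but this same commit retires both of those sources. A retired source should not be named as a replacement for another retired source; update the older entries to point only at `OSV Next.js` and `OSV Nuxt`, or have the audit flag replacements that resolve to a retired source.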
@@ -150,6 +155,7 @@
- `rails` `GitHub Global Advisories` -&gt; replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
- `rails` `NVD Ruby on Rails` -&gt; replacements: `OSV Rails` | reason: OSV Rails replaces NVD public search for lower-latency machine-readable collection.
- `react` `GitHub Global Advisories` -&gt; replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
- `react` `GitHub React Advisories` -&gt; replacements: `OSV React` | reason: OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `redmine` `NVD Redmine` -&gt; replacements: `Redmine Security Advisories` | reason: Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.
- `saleor` `NVD Saleor` -&gt; replacements: `GitHub Saleor Advisories, OSV Saleor` | reason: OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.
- `shopware` `NVD Shopware` -&gt; replacements: `Shopware Security Advisories, OSV Shopware` | reason: OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.
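Review bot: Same stale chain for `react`: the `GitHub Global Advisories` retirement still names `GitHub React Advisories` as a replacement, while the next line retires that source in favour of `OSV React`. Update the older replacement list so that `OSV React` is the only active target.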
@@ -158,10 +164,13 @@
- `spring-security` `GitHub Global Advisories` -&gt; replacements: `Spring Security Advisories, OSV Spring Security` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
- `sveltekit` `GitHub Global Advisories` -&gt; replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
- `symfony` `GitHub Global Advisories` -&gt; replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
- `traefik` `GitHub Traefik Advisories` -&gt; replacements: `OSV Traefik` | reason: OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `undici` `GitHub Global Advisories` -&gt; replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
- `undici` `NVD Undici` -&gt; replacements: `OSV Undici` | reason: OSV Undici replaces NVD public search for lower-latency machine-readable collection.
- `vite` `GitHub Global Advisories` -&gt; replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
- `vite` `Vite Security` -&gt; replacements: `OSV Vite` | reason: OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `vue` `GitHub Global Advisories` -&gt; replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
- `vue` `Vue Security` -&gt; replacements: `OSV Vue` | reason: OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `webpack` `GitHub Global Advisories` -&gt; replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
- `webpack` `NVD webpack` -&gt; replacements: `OSV webpack` | reason: OSV webpack replaces NVD public search for lower-latency machine-readable collection.
- `werkzeug` `GitHub Global Advisories` -&gt; replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
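Review bot: The `vite` and `vue` pairs have the same problem as nextjs, nuxt and react: each `GitHub Global Advisories` line still lists `Vite Security` and `Vue Security` as replacements, and the line immediately after retires that source. With both retired, `OSV Vite` and `OSV Vue` are the only remaining active sources, and the replacement lists should say so.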

View file

@@ -916,6 +916,9 @@ systems:
advisory_mode: core
keywords: [medusa]
max_items: 50
status: retired
retired_reason: OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Medusa]
- name: OSV Medusa
kind: osv-batch
confidence: official
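Review bot: `status: retired` is added, but the entry keeps its `keywords` and `max_items: 50`, so the loader must actually filter on `status` before scheduling a fetch rather than only reporting it; the active-source count dropping from 110 to 101 elsewhere in this commit is the only evidence that it does. A short comment or a test asserting that retired entries are never scheduled would make that contract explicit, and since the identical `retired_reason` string is repeated in nine entries here, a shared reason constant would keep the wording from drifting.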
@@ -946,6 +949,9 @@ systems:
advisory_mode: core
keywords: [react]
max_items: 50
status: retired
retired_reason: OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV React]
- name: GHSA React
kind: ghsa-global
ecosystem: npm
@@ -987,6 +993,9 @@ systems:
advisory_mode: core
keywords: [next.js, next]
max_items: 50
status: retired
retired_reason: OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Next.js]
- name: GHSA Next.js
kind: ghsa-global
ecosystem: npm
@@ -1026,6 +1035,9 @@ systems:
advisory_mode: core
keywords: [vue]
max_items: 50
status: retired
retired_reason: OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Vue]
- name: GHSA Vue
kind: ghsa-global
ecosystem: npm
@@ -1067,6 +1079,9 @@ systems:
advisory_mode: core
keywords: [nuxt]
max_items: 50
status: retired
retired_reason: OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Nuxt]
- name: GHSA Nuxt
kind: ghsa-global
ecosystem: npm
@@ -1106,6 +1121,9 @@ systems:
advisory_mode: core
keywords: [vite]
max_items: 50
status: retired
retired_reason: OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Vite]
- name: GHSA Vite
kind: ghsa-global
ecosystem: npm
@@ -2112,6 +2130,9 @@ systems:
advisory_mode: server
keywords: [caddy]
max_items: 50
status: retired
retired_reason: OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Caddy]
- name: OSV Caddy
kind: osv-batch
confidence: official
@@ -2142,6 +2163,9 @@ systems:
advisory_mode: server
keywords: [traefik]
max_items: 50
status: retired
retired_reason: OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Traefik]
- name: OSV Traefik
kind: osv-batch
confidence: official
@@ -2286,6 +2310,9 @@ systems:
advisory_mode: core
keywords: [gitea]
max_items: 50
status: retired
retired_reason: OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Gitea]
- name: OSV Gitea
kind: osv-batch
confidence: official

View file

@@ -88,15 +88,15 @@
<div class="meta">工作台内置镜像页89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
<pre># 全库 Advisory 完整度报告
- 生成时间: `2026-03-19T09:30:58+00:00`
- 生成时间: `2026-03-19T23:44:56+00:00`
- 最新 advisory 完整度: `89/89` `verified-real`
- 合成验证数量: `0`
- 阻塞数量: `0`
- 人工/待补证据数量: `0`
- 完整度百分比: `100.0%`
- active source 全绿: `110/110`
- active source 全绿: `101/101`
- source open alerts: `0`
- 最近一次 source 全绿: `2026-03-19T09:30:54+00:00`
- 最近一次 source 全绿: `2026-03-19T23:44:51+00:00`
## 系统覆盖矩阵
@@ -118,8 +118,8 @@
## Ingest / Source 健康度
- source failures: `0`
- active sources: `110`
- green sources: `110`
- active sources: `101`
- green sources: `101`
- open alerts: `0`
## 剩余风险说明

View file

@@ -1,9 +1,9 @@
{
"generated_at": "2026-03-19T09:30:58+00:00",
"advisory_count": 2392,
"generated_at": "2026-03-19T23:44:56+00:00",
"advisory_count": 2399,
"run_count": 140,
"statuses": {
"triage-manual": 2303,
"triage-manual": 2310,
"verified-real": 89
},
"run_statuses": {
@@ -154,11 +154,11 @@
}
],
"monitoring": {
"active_source_count": 110,
"green_source_count": 110,
"active_source_count": 101,
"green_source_count": 101,
"source_failure_count": 0,
"open_alert_count": 0,
"last_fully_green_run": "2026-03-19T09:30:54+00:00"
"last_fully_green_run": "2026-03-19T23:44:51+00:00"
},
"systems": [
{
@@ -667,7 +667,7 @@
"manual": 40,
"browser_required": 0,
"browser_present": 21,
"latest_update": "2026-03-18T22:02:16.858114Z",
"latest_update": "2026-03-19T18:48:06.587119Z",
"category": "frameworks",
"tier": "history-full",
"output_dir": "07-framework-security/frameworks/nextjs",
@@ -872,6 +872,29 @@
}
]
},
{
"system_id": "kibana",
"display_name": "Kibana",
"total": 47,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 47,
"browser_required": 0,
"browser_present": 0,
"latest_update": "Thu, 19 Mar 2026 16:59:58 +0000",
"category": "platforms",
"tier": "rolling-24m",
"output_dir": "07-framework-security/platforms/kibana",
"families": [
{
"family": "xss",
"total": 47,
"verified_real": 0,
"manual": 47
}
]
},
{
"system_id": "traefik",
"display_name": "Traefik",
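Review bot: The Kibana block is not changed in place but removed from its old position and reinserted here, which turns a six-record delta (total 41 to 47) into a 46-line diff. If the array is sorted by `latest_update`, that ordering is also unreliable because the new value `Thu, 19 Mar 2026 16:59:58 +0000` is RFC 2822 while the Next.js entry above uses ISO 8601, so string comparison between them is meaningless; sort on a stable key such as `system_id` and keep `latest_update` as a normalised ISO timestamp.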
@@ -965,29 +988,6 @@
}
]
},
{
"system_id": "kibana",
"display_name": "Kibana",
"total": 41,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 41,
"browser_required": 0,
"browser_present": 0,
"latest_update": "",
"category": "platforms",
"tier": "rolling-24m",
"output_dir": "07-framework-security/platforms/kibana",
"families": [
{
"family": "xss",
"total": 41,
"verified_real": 0,
"manual": 41
}
]
},
{
"system_id": "moodle",
"display_name": "Moodle",
@@ -1284,6 +1284,29 @@
}
]
},
{
"system_id": "mattermost",
"display_name": "Mattermost",
"total": 21,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 21,
"browser_required": 0,
"browser_present": 0,
"latest_update": "Fix Release Date",
"category": "platforms",
"tier": "rolling-24m",
"output_dir": "07-framework-security/platforms/mattermost",
"families": [
{
"family": "xss",
"total": 21,
"verified_real": 0,
"manual": 21
}
]
},
{
"system_id": "react",
"display_name": "React",
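Review bot: `"latest_update": "Fix Release Date"` on the Mattermost record is a scraped column header, not a timestamp, and it survives this commit unchanged while the record is re-emitted with 21 items. The collector should treat a `latest_update` that fails date parsing as missing (empty string, as the old Kibana record used) so that downstream reports do not present a header label as a date.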
@@ -1307,29 +1330,6 @@
}
]
},
{
"system_id": "mattermost",
"display_name": "Mattermost",
"total": 20,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 20,
"browser_required": 0,
"browser_present": 0,
"latest_update": "Fix Release Date",
"category": "platforms",
"tier": "rolling-24m",
"output_dir": "07-framework-security/platforms/mattermost",
"families": [
{
"family": "xss",
"total": 20,
"verified_real": 0,
"manual": 20
}
]
},
{
"system_id": "medusa",
"display_name": "Medusa",
@@ -1969,7 +1969,7 @@
"verified_ratio": 100.0,
"complete": true,
"source_failure_count": 0,
"active_source_count": 110,
"active_source_count": 101,
"open_alert_count": 0
}
}

View file

@@ -505,7 +505,7 @@
"manual": 40,
"browser_required": 0,
"browser_present": 21,
"latest_update": "2026-03-18T22:02:16.858114Z",
"latest_update": "2026-03-19T18:48:06.587119Z",
"category": "frameworks",
"tier": "history-full",
"output_dir": "07-framework-security/frameworks/nextjs",
@@ -710,6 +710,29 @@
}
]
},
{
"system_id": "kibana",
"display_name": "Kibana",
"total": 47,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 47,
"browser_required": 0,
"browser_present": 0,
"latest_update": "Thu, 19 Mar 2026 16:59:58 +0000",
"category": "platforms",
"tier": "rolling-24m",
"output_dir": "07-framework-security/platforms/kibana",
"families": [
{
"family": "xss",
"total": 47,
"verified_real": 0,
"manual": 47
}
]
},
{
"system_id": "traefik",
"display_name": "Traefik",
@@ -803,29 +826,6 @@
}
]
},
{
"system_id": "kibana",
"display_name": "Kibana",
"total": 41,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 41,
"browser_required": 0,
"browser_present": 0,
"latest_update": "",
"category": "platforms",
"tier": "rolling-24m",
"output_dir": "07-framework-security/platforms/kibana",
"families": [
{
"family": "xss",
"total": 41,
"verified_real": 0,
"manual": 41
}
]
},
{
"system_id": "moodle",
"display_name": "Moodle",
@@ -1122,6 +1122,29 @@
}
]
},
{
"system_id": "mattermost",
"display_name": "Mattermost",
"total": 21,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 21,
"browser_required": 0,
"browser_present": 0,
"latest_update": "Fix Release Date",
"category": "platforms",
"tier": "rolling-24m",
"output_dir": "07-framework-security/platforms/mattermost",
"families": [
{
"family": "xss",
"total": 21,
"verified_real": 0,
"manual": 21
}
]
},
{
"system_id": "react",
"display_name": "React",
@@ -1145,29 +1168,6 @@
}
]
},
{
"system_id": "mattermost",
"display_name": "Mattermost",
"total": 20,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 20,
"browser_required": 0,
"browser_present": 0,
"latest_update": "Fix Release Date",
"category": "platforms",
"tier": "rolling-24m",
"output_dir": "07-framework-security/platforms/mattermost",
"families": [
{
"family": "xss",
"total": 20,
"verified_real": 0,
"manual": 20
}
]
},
{
"system_id": "medusa",
"display_name": "Medusa",

View file

@@ -1,11 +1,11 @@
# 最新同步摘要
- 渲染时间: `2026-03-19T09:30:58+00:00`
- 渲染时间: `2026-03-19T23:44:56+00:00`
- 系统数量: `62`
- Advisory 数量: `2348`
- 重点 Markdown 数量: `156`
- Advisory 数量: `2355`
- 重点 Markdown 数量: `157`
- Run Bundle 数量: `89`
- 新增记录: `0`
- 更新记录: `0`
- Triage 数量: `1169`
- 新增记录: `7`
- 更新记录: `5`
- Triage 数量: `1175`
- 失败的 source adapter: `0`

View file

@@ -1,21 +1,25 @@
{
"generated_at": "2026-03-19T09:30:54+00:00",
"active_source_count": 110,
"green_source_count": 110,
"generated_at": "2026-03-19T23:44:51+00:00",
"active_source_count": 101,
"green_source_count": 101,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 4,
"last_fully_green_run": "2026-03-19T09:30:54+00:00",
"last_fully_green_run": "2026-03-19T23:44:51+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 179,
"retired_source_count": 69
"retired_source_count": 78
},
"ingest": {
"new_count": 0,
"updated_count": 0,
"new_count": 7,
"updated_count": 5,
"failure_count": 0,
"systems_touched": []
"systems_touched": [
"kibana",
"mattermost",
"nextjs"
]
},
"validation": {
"passed": true,
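Review bot: The ingest figures reconcile with the per-system deltas in this commit (Kibana 41 to 47 and Mattermost 20 to 21 give the 7 new records, and Next.js appears through its refreshed `latest_update`), but `systems_touched` does not say which of the three systems accounts for the 5 updated records. A per-system `new`/`updated` breakdown here would make the summary self-checking instead of requiring the reader to cross-reference the catalog table.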

View file

@@ -125,6 +125,18 @@
],
"url": ""
},
{
"system_id": "caddy",
"display_name": "Caddy",
"source_name": "GitHub Caddy Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Caddy"
],
"url": "https://github.com/caddyserver/caddy/security/advisories"
},
{
"system_id": "discourse",
"display_name": "Discourse",
@@ -262,6 +274,18 @@
],
"url": ""
},
{
"system_id": "gitea",
"display_name": "Gitea",
"source_name": "GitHub Gitea Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Gitea"
],
"url": "https://github.com/go-gitea/gitea/security/advisories"
},
{
"system_id": "gitlab-ce",
"display_name": "GitLab CE",
@@ -474,6 +498,18 @@
],
"url": ""
},
{
"system_id": "medusa",
"display_name": "Medusa",
"source_name": "GitHub Medusa Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Medusa"
],
"url": "https://github.com/medusajs/medusa/security/advisories"
},
{
"system_id": "moodle",
"display_name": "Moodle",
@@ -535,6 +571,18 @@
],
"url": ""
},
{
"system_id": "nextjs",
"display_name": "Next.js",
"source_name": "GitHub Next.js Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Next.js"
],
"url": "https://github.com/vercel/next.js/security/advisories"
},
{
"system_id": "nginx",
"display_name": "Nginx",
@@ -561,6 +609,18 @@
],
"url": ""
},
{
"system_id": "nuxt",
"display_name": "Nuxt",
"source_name": "Nuxt Security",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Nuxt"
],
"url": "https://github.com/nuxt/nuxt/security/advisories"
},
{
"system_id": "opencart",
"display_name": "OpenCart",
@@ -651,6 +711,18 @@
],
"url": ""
},
{
"system_id": "react",
"display_name": "React",
"source_name": "GitHub React Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV React"
],
"url": "https://github.com/facebook/react/security/advisories"
},
{
"system_id": "redmine",
"display_name": "Redmine",
@@ -752,6 +824,18 @@
],
"url": ""
},
{
"system_id": "traefik",
"display_name": "Traefik",
"source_name": "GitHub Traefik Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Traefik"
],
"url": "https://github.com/traefik/traefik/security/advisories"
},
{
"system_id": "undici",
"display_name": "Undici",
@@ -789,6 +873,18 @@
],
"url": ""
},
{
"system_id": "vite",
"display_name": "Vite",
"source_name": "Vite Security",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Vite"
],
"url": "https://github.com/vitejs/vite/security/advisories"
},
{
"system_id": "vue",
"display_name": "Vue",
@@ -802,6 +898,18 @@
],
"url": ""
},
{
"system_id": "vue",
"display_name": "Vue",
"source_name": "Vue Security",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Vue"
],
"url": "https://github.com/vuejs/core/security"
},
{
"system_id": "webpack",
"display_name": "webpack",
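Review bot: the `url` "https://github.com/vuejs/core/security" points at the repository's security policy page, not the advisories listing; every other retired entry in this change uses the `/security/advisories` path that matches `kind` "html-links". The source is retired so nothing fetches it now, but anyone reactivating it from this record would scrape the wrong page; suggest "https://github.com/vuejs/core/security/advisories" for consistency.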

View file

@@ -1,12 +1,16 @@
{
"generated_at": "2026-03-19T09:30:58+00:00",
"generated_at": "2026-03-19T23:44:56+00:00",
"system_count": 62,
"advisory_count": 2348,
"markdown_count": 156,
"new_count": 0,
"updated_count": 0,
"systems_touched": [],
"triage_count": 1169,
"advisory_count": 2355,
"markdown_count": 157,
"new_count": 7,
"updated_count": 5,
"systems_touched": [
"kibana",
"mattermost",
"nextjs"
],
"triage_count": 1175,
"run_bundle_count": 89,
"failures": []
}
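Review bot: `triage_count` rises by 6 (1169 to 1175) while `new_count` is 7, so almost every advisory ingested in this run went straight to triage rather than to a verified state. The Kibana records added later in this commit show why: each has `status` "triage" with `triage_reasons` "missing affected/fixed version details" although the `summary` text states the affected ranges and fixed versions. That is an ingest gap, not a data gap, and the run summary should surface the per-source triage rate so the RSS path can be fixed instead of the backlog growing silently.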

View file

@@ -1,9 +1,9 @@
{
"generated_at": "2026-03-19T09:30:54+00:00",
"generated_at": "2026-03-19T23:44:51+00:00",
"system_count": 62,
"source_count": 179,
"active_source_count": 110,
"retired_source_count": 69,
"active_source_count": 101,
"retired_source_count": 78,
"systems_with_active_official": 61,
"systems_with_machine_readable_source": 61,
"systems": [
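Review bot: the totals reconcile with the nine retirements added in this commit (110 - 9 = 101 active, 69 + 9 = 78 retired, `source_count` unchanged at 179), but `systems_with_active_official` and `systems_with_machine_readable_source` stay at 61 of 62, so one system still has neither an active official source nor a machine-readable one. The audit should name that system rather than only count it, otherwise the gap stays invisible in review.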
@@ -118,9 +118,9 @@
"category": "servers",
"tier": "rolling-24m",
"source_total": 2,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -298,9 +298,9 @@
"category": "platforms",
"tier": "rolling-24m",
"source_total": 2,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -493,9 +493,9 @@
"category": "ecommerce",
"tier": "rolling-24m",
"source_total": 2,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -538,9 +538,9 @@
"category": "frameworks",
"tier": "history-full",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -583,9 +583,9 @@
"category": "frameworks",
"tier": "history-full",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -673,9 +673,9 @@
"category": "frameworks",
"tier": "history-full",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -823,9 +823,9 @@
"category": "servers",
"tier": "rolling-24m",
"source_total": 2,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -853,9 +853,9 @@
"category": "frameworks",
"tier": "history-full",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -868,9 +868,9 @@
"category": "frameworks",
"tier": "history-full",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 1,
@@ -1065,6 +1065,18 @@
],
"url": ""
},
{
"system_id": "caddy",
"display_name": "Caddy",
"source_name": "GitHub Caddy Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Caddy"
],
"url": "https://github.com/caddyserver/caddy/security/advisories"
},
{
"system_id": "discourse",
"display_name": "Discourse",
@@ -1202,6 +1214,18 @@
],
"url": ""
},
{
"system_id": "gitea",
"display_name": "Gitea",
"source_name": "GitHub Gitea Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Gitea"
],
"url": "https://github.com/go-gitea/gitea/security/advisories"
},
{
"system_id": "gitlab-ce",
"display_name": "GitLab CE",
@@ -1414,6 +1438,18 @@
],
"url": ""
},
{
"system_id": "medusa",
"display_name": "Medusa",
"source_name": "GitHub Medusa Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Medusa"
],
"url": "https://github.com/medusajs/medusa/security/advisories"
},
{
"system_id": "moodle",
"display_name": "Moodle",
@@ -1475,6 +1511,18 @@
],
"url": ""
},
{
"system_id": "nextjs",
"display_name": "Next.js",
"source_name": "GitHub Next.js Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Next.js"
],
"url": "https://github.com/vercel/next.js/security/advisories"
},
{
"system_id": "nginx",
"display_name": "Nginx",
@@ -1501,6 +1549,18 @@
],
"url": ""
},
{
"system_id": "nuxt",
"display_name": "Nuxt",
"source_name": "Nuxt Security",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Nuxt"
],
"url": "https://github.com/nuxt/nuxt/security/advisories"
},
{
"system_id": "opencart",
"display_name": "OpenCart",
@@ -1591,6 +1651,18 @@
],
"url": ""
},
{
"system_id": "react",
"display_name": "React",
"source_name": "GitHub React Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV React"
],
"url": "https://github.com/facebook/react/security/advisories"
},
{
"system_id": "redmine",
"display_name": "Redmine",
@@ -1692,6 +1764,18 @@
],
"url": ""
},
{
"system_id": "traefik",
"display_name": "Traefik",
"source_name": "GitHub Traefik Advisories",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Traefik"
],
"url": "https://github.com/traefik/traefik/security/advisories"
},
{
"system_id": "undici",
"display_name": "Undici",
@@ -1729,6 +1813,18 @@
],
"url": ""
},
{
"system_id": "vite",
"display_name": "Vite",
"source_name": "Vite Security",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Vite"
],
"url": "https://github.com/vitejs/vite/security/advisories"
},
{
"system_id": "vue",
"display_name": "Vue",
@@ -1742,6 +1838,18 @@
],
"url": ""
},
{
"system_id": "vue",
"display_name": "Vue",
"source_name": "Vue Security",
"bucket": "official_sources",
"kind": "html-links",
"retired_reason": "OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.",
"replacement_sources": [
"OSV Vue"
],
"url": "https://github.com/vuejs/core/security"
},
{
"system_id": "webpack",
"display_name": "webpack",
@@ -1884,6 +1992,13 @@
"OSV Astro"
]
},
{
"system_id": "caddy",
"retired_source": "GitHub Caddy Advisories",
"replacement_sources": [
"OSV Caddy"
]
},
{
"system_id": "discourse",
"retired_source": "Discourse Meta Security",
@@ -1966,6 +2081,13 @@
"OSV Ghost"
]
},
{
"system_id": "gitea",
"retired_source": "GitHub Gitea Advisories",
"replacement_sources": [
"OSV Gitea"
]
},
{
"system_id": "gitlab-ce",
"retired_source": "GitLab Security Releases",
@@ -2093,6 +2215,13 @@
"OSV MediaWiki"
]
},
{
"system_id": "medusa",
"retired_source": "GitHub Medusa Advisories",
"replacement_sources": [
"OSV Medusa"
]
},
{
"system_id": "moodle",
"retired_source": "Moodle Security News",
@@ -2129,6 +2258,13 @@
"OSV Next.js"
]
},
{
"system_id": "nextjs",
"retired_source": "GitHub Next.js Advisories",
"replacement_sources": [
"OSV Next.js"
]
},
{
"system_id": "nginx",
"retired_source": "NVD NGINX",
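Review bot: the new `nextjs` entry retires "GitHub Next.js Advisories", but the preceding entry in this file (its context ends with "OSV Next.js" ]) is the earlier `GitHub Global Advisories` retirement, and per the audit markdown in this commit its `replacement_sources` still lists "GitHub Next.js Advisories" alongside "OSV Next.js". A retirement record should not name a retired source as a replacement; either the earlier entry's `replacement_sources` is trimmed to "OSV Next.js", or the retirement map gains a validation step that rejects replacements which are themselves retired. The same pattern appears for `nuxt`, `react`, `vite` and `vue` below.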
@@ -2145,6 +2281,13 @@
"OSV Nuxt"
]
},
{
"system_id": "nuxt",
"retired_source": "Nuxt Security",
"replacement_sources": [
"OSV Nuxt"
]
},
{
"system_id": "opencart",
"retired_source": "NVD OpenCart",
@@ -2200,6 +2343,13 @@
"OSV React"
]
},
{
"system_id": "react",
"retired_source": "GitHub React Advisories",
"replacement_sources": [
"OSV React"
]
},
{
"system_id": "redmine",
"retired_source": "NVD Redmine",
@@ -2261,6 +2411,13 @@
"OSV Symfony"
]
},
{
"system_id": "traefik",
"retired_source": "GitHub Traefik Advisories",
"replacement_sources": [
"OSV Traefik"
]
},
{
"system_id": "undici",
"retired_source": "GitHub Global Advisories",
@@ -2283,6 +2440,13 @@
"OSV Vite"
]
},
{
"system_id": "vite",
"retired_source": "Vite Security",
"replacement_sources": [
"OSV Vite"
]
},
{
"system_id": "vue",
"retired_source": "GitHub Global Advisories",
@@ -2291,6 +2455,13 @@
"OSV Vue"
]
},
{
"system_id": "vue",
"retired_source": "Vue Security",
"replacement_sources": [
"OSV Vue"
]
},
{
"system_id": "webpack",
"retired_source": "GitHub Global Advisories",

View file

@@ -1,10 +1,10 @@
# Source Catalog Audit
- generated_at: `2026-03-19T09:30:54+00:00`
- generated_at: `2026-03-19T23:44:51+00:00`
- systems: `62`
- sources: `179`
- active_sources: `110`
- retired_sources: `69`
- active_sources: `101`
- retired_sources: `78`
- systems_with_active_official: `61/62`
- systems_with_machine_readable_source: `61/62`
@@ -20,6 +20,7 @@
- `apache-tomcat` `NVD Tomcat` -> replacements: `Apache Tomcat Security, CISA KEV Tomcat` | reason: Official Tomcat advisories page plus CISA KEV are sufficient active sources for daily monitoring.
- `aspnet-core` `NVD ASP.NET Core` -> replacements: `OSV ASP.NET Core` | reason: OSV ASP.NET Core provides machine-readable NuGet-aligned coverage with lower latency than NVD public search.
- `astro` `GitHub Global Advisories` -> replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
- `caddy` `GitHub Caddy Advisories` -> replacements: `OSV Caddy` | reason: OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `discourse` `Discourse Meta Security` -> replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
- `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS, Discourse Security RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
- `django` `Django Security RSS` -> replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
@@ -31,6 +32,7 @@
- `fastify` `GitHub Global Advisories` -> replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
- `flask` `GitHub Global Advisories` -> replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
- `ghost` `NVD Ghost` -> replacements: `Ghost GitHub Advisories, OSV Ghost` | reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
- `gitea` `GitHub Gitea Advisories` -> replacements: `OSV Gitea` | reason: OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `gitlab-ce` `GitLab Security Releases` -> replacements: `GitLab Security Releases Atom` | reason: GitLab Security Releases Atom is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.
- `gitlab-ce` `NVD GitLab` -> replacements: `GitLab Security Releases, GitLab Security Releases Atom` | reason: GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.
- `hapi` `GitHub Global Advisories` -> replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
@@ -48,13 +50,16 @@
- `mattermost` `NVD Mattermost` -> replacements: `Mattermost Security Updates JSON, OSV Mattermost` | reason: Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.
- `mediawiki` `MediaWiki Security Releases` -> replacements: `MediaWiki Announce RSS, NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
- `mediawiki` `NVD MediaWiki` -> replacements: `MediaWiki Announce RSS, OSV MediaWiki` | reason: MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.
- `medusa` `GitHub Medusa Advisories` -> replacements: `OSV Medusa` | reason: OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `moodle` `Moodle Security News` -> replacements: `NVD Moodle` | reason: Security page is reachable with a browser-style UA, but the current markup only exposes generic "Discuss this topic" anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.
- `moodle` `NVD Moodle` -> replacements: `OSV Moodle` | reason: OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.
- `nestjs` `GitHub Global Advisories` -> replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
- `nestjs` `NVD NestJS` -> replacements: `OSV NestJS` | reason: OSV NestJS replaces NVD public search for lower-latency machine-readable collection.
- `nextjs` `GitHub Global Advisories` -> replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
- `nextjs` `GitHub Next.js Advisories` -> replacements: `OSV Next.js` | reason: OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `nginx` `NVD NGINX` -> replacements: `NGINX Security Advisories, CISA KEV NGINX` | reason: Official NGINX advisories page and CISA KEV together provide the needed daily signal without NVD public-search latency.
- `nuxt` `GitHub Global Advisories` -> replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
- `nuxt` `Nuxt Security` -> replacements: `OSV Nuxt` | reason: OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `opencart` `NVD OpenCart` -> replacements: `OpenCart Releases, OSV OpenCart` | reason: OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.
- `openmage` `NVD OpenMage` -> replacements: `OpenMage GitHub Advisories, OSV OpenMage` | reason: OSV OpenMage replaces NVD for machine-readable composer-aligned collection.
- `phpmyadmin` `NVD phpMyAdmin` -> replacements: `phpMyAdmin Security Page, OSV phpMyAdmin` | reason: OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.
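Review bot: the two `nextjs` lines contradict each other: `GitHub Global Advisories` -> replacements `GitHub Next.js Advisories, OSV Next.js` still presents `GitHub Next.js Advisories` as an active replacement, while the line added directly beneath it retires that very source in favour of `OSV Next.js`. The `nuxt` pair has the same problem (`Nuxt Security` listed as a replacement, then retired), and `react`, `vite` and `vue` repeat it in the following hunks. Suggest regenerating the audit so each replacement list contains only sources that are still active, or at least marking retired replacements inline, since a reader of this file is meant to be able to trust the replacement column.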
@@ -62,6 +67,7 @@
- `rails` `GitHub Global Advisories` -> replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
- `rails` `NVD Ruby on Rails` -> replacements: `OSV Rails` | reason: OSV Rails replaces NVD public search for lower-latency machine-readable collection.
- `react` `GitHub Global Advisories` -> replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
- `react` `GitHub React Advisories` -> replacements: `OSV React` | reason: OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `redmine` `NVD Redmine` -> replacements: `Redmine Security Advisories` | reason: Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.
- `saleor` `NVD Saleor` -> replacements: `GitHub Saleor Advisories, OSV Saleor` | reason: OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.
- `shopware` `NVD Shopware` -> replacements: `Shopware Security Advisories, OSV Shopware` | reason: OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.
@@ -70,10 +76,13 @@
- `spring-security` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Security` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
- `sveltekit` `GitHub Global Advisories` -> replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
- `symfony` `GitHub Global Advisories` -> replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
- `traefik` `GitHub Traefik Advisories` -> replacements: `OSV Traefik` | reason: OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `undici` `GitHub Global Advisories` -> replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
- `undici` `NVD Undici` -> replacements: `OSV Undici` | reason: OSV Undici replaces NVD public search for lower-latency machine-readable collection.
- `vite` `GitHub Global Advisories` -> replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
- `vite` `Vite Security` -> replacements: `OSV Vite` | reason: OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `vue` `GitHub Global Advisories` -> replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
- `vue` `Vue Security` -> replacements: `OSV Vue` | reason: OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `webpack` `GitHub Global Advisories` -> replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
- `webpack` `NVD webpack` -> replacements: `OSV webpack` | reason: OSV webpack replaces NVD public search for lower-latency machine-readable collection.
- `werkzeug` `GitHub Global Advisories` -> replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.

Diff too large to display. Load diff

View file

@@ -0,0 +1,60 @@
{
"canonical_id": "kibana--012933e759",
"system_id": "kibana",
"display_name": "Kibana",
"category": "platforms",
"advisory_mode": "core",
"title": "Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)",
"summary": "<p><strong>Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration</strong></p>\n<p>Missing Authorization (CWE-862) in Kibana\u2019s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.0.0 up to and including 8.19.11</li>\n<li>9.x:\n<ul>\n<li>All versions from 9.0.0 up to and including 9.2.5</li>\n<li>Version 9.3.0</li>\n</ul>\n</li>\n</ul>\n<p><strong>Affected Configurations:</strong></p>\n<ul>\n<li>Automated response actions require the appropriate Elastic Stack subscription or Serverless project feature tier, and hosts must have Elastic Agent installed with the Elastic Defend integration.</li>\n<li>Automated response actions are not enabled by default on detection rules. A user must explicitly configure them. However, the Elastic Defend feature privileges (Host Isolation, Process Operations) are set to None by default for new roles, meaning most users should not have these privileges unless explicitly granted. The vulnerability allows users without these privileges to bypass the restriction.</li>\n<li>The Update API is only vulnerable when response actions are being added to an existing rule that does not already have any response actions. If the rule already contains response actions, the existing authorization logic was applied.</li>\n</ul>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.12, 9.2.6, 9.3.1.</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<p>Update to the patched version as soon as possible. 
In the interim, restrict detection rule management privileges to users who are also authorized for endpoint response actions. Review existing rules for any unauthorized response action configurations that may have been added.</p>\n<p><strong>Indicators of Compromise (IOC)</strong></p>\n<p>Audit all detection rules for response_actions configurations containing <code>.endpoint</code> action types (isolate, kill-process, suspend-process) that may have been added by unauthorized users.</p>\n<p><strong>Elastic Cloud Serverless</strong></p>\n<p>Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.</p>\n<p><strong>Severity:</strong> CVSSv3.1: Medium ( 6.5 ) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N<br>\n<strong>CVE ID</strong>: CVE-2026-26939<br>\n<strong>Problem Type:</strong> CWE-862 - Missing Authorization<br>\n<strong>Impact:</strong> Accessing Functionality Not Properly Constrained by ACLs - CAPEC-1</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530\">Read full topic</a></p>",
"published_at": "Thu, 19 Mar 2026 16:51:08 +0000",
"updated_at": "Thu, 19 Mar 2026 16:51:08 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary",
"dependency-upgrade-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Elastic Security Announcements RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1
}
}
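Review bot: `cve_ids` is empty, `severity` is "unknown", `cvss_score` is null and `affected_versions` / `fixed_versions` are empty, yet the `summary` field explicitly carries "CVE ID: CVE-2026-26939", "CVSSv3.1: Medium ( 6.5 )" with its vector, the affected ranges (8.0.0 to 8.19.11, 9.0.0 to 9.2.5, 9.3.0) and "resolved in version 8.19.12, 9.2.6, 9.3.1". The record is therefore sent to triage for "missing affected/fixed version details" purely because the RSS ingest does not parse the advisory body; a small extraction pass over the summary (CVE pattern, the "CVSSv3.1: ... ( n )" line, the "Affected Versions" list and the "resolved in version" sentence) would populate these fields and clear the triage reason. Separately, `repro_profile_id` "xss-generic" and the "xss-output-encoding" / "proxy-trust-boundary" topics do not fit a CWE-862 missing-authorization issue; "authz-server-side-recheck", which is already in `secure_code_topics`, is the profile this advisory should map to.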

View file

@@ -0,0 +1,59 @@
{
"canonical_id": "kibana--0fcd01159e",
"system_id": "kibana",
"display_name": "Kibana",
"category": "platforms",
"advisory_mode": "core",
"title": "Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-11)",
"summary": "<p><strong>Improper Validation of Array Index in Packetbeat Leading to Denial of Service</strong></p>\n<p>Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.0.0 up to and including 8.19.10</li>\n<li>9.x: All versions from 9.0.0 up to and including 9.2.4</li>\n</ul>\n<p><strong>Affected Configurations:</strong><br>\nPacketbeat protocol parsing is enabled by default for configured protocols. Network traffic capture requires explicit configuration of network interfaces and protocols to monitor in packetbeat.yml. The vulnerable parsers are only active when their respective protocols are explicitly enabled in the configuration.</p>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.11, 9.2.5.</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<p>Network Segmentation: Ensure Packetbeat instances only monitor trusted network segments and implement network-level controls to prevent untrusted sources from sending traffic to monitored interfaces. 
This will reduce the likelihood of exploitation.</p>\n<p><strong>Indicators of Compromise (IOC)</strong></p>\n<ul>\n<li>Frequent panic/crash events in Packetbeat logs</li>\n<li>Error messages related to index out of range or slice bounds violations</li>\n<li>Repeated restarts of the Packetbeat process</li>\n</ul>\n<p><strong>Severity:</strong> CVSSv3.1: Medium ( 5.7 ) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H<br>\n<strong>CVE ID</strong>: CVE-2026-26933<br>\n<strong>Problem Type:</strong> CWE-129 - Improper Validation of Array Index<br>\n<strong>Impact:</strong> CAPEC-153 - Input Data Manipulation</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533\">Read full topic</a></p>",
"published_at": "Thu, 19 Mar 2026 16:56:17 +0000",
"updated_at": "Thu, 19 Mar 2026 16:56:17 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Elastic Security Announcements RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1
}
}
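Review bot: this advisory is for Packetbeat (ESA-2026-11, CVE-2026-26933 in the summary), not Kibana, but it is filed under `system_id` "kibana" with `display_name` "Kibana". The only source is "Elastic Security Announcements RSS", which publishes advisories for every Elastic product, so the collector needs a product filter on the title (the title prefix "Packetbeat ..." is enough) or a mapping of Elastic products to their own systems; otherwise Kibana's advisory counts and triage backlog are inflated with Beats and Logstash items, and anyone watching Kibana gets alerts that do not apply to it. As with the previous file, `repro_profile_id` "xss-generic" and the "xss-output-encoding" topic are wrong for a CWE-129 out-of-bounds read in packet parsers; the `secure_code_topics` assignment appears to be a static default rather than derived from the advisory.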

View file

@@ -0,0 +1,61 @@
{
"canonical_id": "kibana--4bfdbe9da9",
"system_id": "kibana",
"display_name": "Kibana",
"category": "platforms",
"advisory_mode": "core",
"title": "Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06)",
"summary": "<p><strong>Sensitive Information in Resource Not Removed Before Reuse in Logstash Leading to Access to Sensitive Information</strong></p>\n<p>Dependency on Vulnerable Third-Party Component (CWE-1395) exists in org.lz4:lz4-java decompression library used by logstash-integration-kafka plugin in Logstash that could allow an attacker to access sensitive information from previous buffer contents via Input Data Manipulation (CAPEC-153). Exploitation requires the attacker to produce specially crafted, malformed compressed input to a Kafka topic consumed by Logstash, causing the decompression process to expose residual data from reused output buffers that were not cleared between operations - CVE-2025-66566.</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.15.0 up to and including 8.19.9</li>\n<li>9.x:\n<ul>\n<li>All versions from 9.0.0 up to and including 9.1.9</li>\n<li>All versions from 9.2.0 up to and including 9.2.3</li>\n</ul>\n</li>\n</ul>\n<p><strong>Affected Configurations:</strong><br>\nThis vulnerability is limited to Logstash deployments that have the logstash-integration-kafka plugin configured to consume from a Kafka topic to which the attacker can publish messages. 
The attacker requires network access to the Kafka cluster and sufficient Kafka-level permissions (e.g., Kafka ACLs, if configured) to publish messages to the target topic.</p>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.10, 9.1.10, 9.2.4.</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<p>The attacker requires network access to the Kafka cluster and sufficient Kafka-level permissions (e.g., Kafka ACLs, if configured) to publish messages to the target topic.</p>\n<p>Manually update the logstash-integration-kafka plugin to version 11.8.1 or higher using: bin/logstash-plugin update logstash-integration-kafka</p>\n<p><strong>Severity:</strong> CVSSv3.1: Medium ( 5.9 ) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N<br>\n<strong>CVE ID</strong>: CVE-2025-66566<br>\n<strong>Problem Type:</strong> CWE-226 - Sensitive Information in Resource Not Removed Before Reuse<br>\n<strong>Impact:</strong> CAPEC-153 - Input Data Manipulation</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/logstash-8-19-10-9-1-10-9-2-4-security-update-esa-2026-06/385531\">Read full topic</a></p>",
"published_at": "Thu, 19 Mar 2026 16:53:51 +0000",
"updated_at": "Thu, 19 Mar 2026 16:53:51 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://discuss.elastic.co/t/logstash-8-19-10-9-1-10-9-2-4-security-update-esa-2026-06/385531",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary",
"plugin-extension-trust-policy",
"dependency-upgrade-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Elastic Security Announcements RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1
}
}
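Review bot: `cve_ids`, `affected_versions`, `fixed_versions`, `severity` and `cvss_score` are empty or `unknown` on this record even though the `summary` on the same record states every one of them in plain text: `CVE-2025-66566`, `8.15.0` up to and including `8.19.9`, `9.0.0` to `9.1.9`, `9.2.0` to `9.2.3`, "resolved in version 8.19.10, 9.1.10, 9.2.4", and `CVSSv3.1: Medium ( 5.9 )`. The RSS ingester should parse the ESA "Affected Versions" list, the "resolved in version" sentence, the `CVE ID` line and the CVSS vector before falling back to `triage_reasons: ["missing affected/fixed version details"]`; as committed, the record is triaged for data it already carries. `secure_code_topics` (`xss-output-encoding`, `proxy-trust-boundary`, `authz-server-side-recheck`) and `repro_profile_id: "xss-generic"` do not fit a CWE-226 buffer-reuse disclosure in the lz4-java dependency of the Kafka input plugin; `dependency-upgrade-policy` is the only listed topic that applies, and the repro profile should not default to XSS. Since the summary names the plugin and its fixed release (`bin/logstash-plugin update logstash-integration-kafka`, version 11.8.1 or higher), `package_name` could be `logstash-integration-kafka` rather than `null`.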

View file


@@ -0,0 +1,60 @@
{
"canonical_id": "kibana--4d0ef3a07b",
"system_id": "kibana",
"display_name": "Kibana",
"category": "platforms",
"advisory_mode": "core",
"title": "Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)",
"summary": "<p><strong>Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service</strong></p>\n<p>Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.0.0 up to and including 8.19.12</li>\n<li>9.x: All versions from 9.0.0 up to and including 9.2.4</li>\n</ul>\n<p><strong>Affected Configurations:</strong><br>\nThe Prometheus <code>remote_write</code> module is not enabled by default in Metricbeat, so this issue only affects users who have enabled it.</p>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.13, 9.2.5 .</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<ol>\n<li>Disable the remote_write module if it is not required for operations:\n<ul>\n<li>Remove or comment out the Prometheus <code>remote_write</code> configuration block in <code>metricbeat.yml</code></li>\n<li>Restart Metricbeat to apply changes</li>\n</ul>\n</li>\n<li>Restrict network access using firewall rules or network policies:\n<ul>\n<li>Limit access to the <code>remote_write</code> endpoint to trusted Prometheus server IP addresses only</li>\n<li>Use host: \"localhost\" binding if the Prometheus server runs on the same host</li>\n</ul>\n</li>\n</ol>\n<p><strong>Indicators of Compromise (IOC)</strong></p>\n<p>Log Patterns:</p>\n<ul>\n<li>Metricbeat process termination with \u201cout of memory\" messages in system logs</li>\n<li>Repeated Metricbeat crashes or restarts when the Prometheus <code>remote_write</code> module is enabled</li>\n<li>OOM events in kernel logs <code>dmesg</code> or container orchestration logs targeting the Metricbeat process</li>\n</ul>\n<p>Audit Trail Indicators:</p>\n<ul>\n<li>Sudden memory consumption spikes in Metricbeat process metrics immediately preceding process 
termination</li>\n<li>Network connections from unexpected or unauthorized source IP addresses to the <code>remote_write</code> endpoint port</li>\n</ul>\n<p><strong>Severity:</strong> CVSSv3.1: Medium ( 5.7 ) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H<br>\n<strong>CVE ID</strong>: CVE-2026-26931<br>\n<strong>Problem Type:</strong> CWE-789 - Memory Allocation with Excessive Size Value<br>\n<strong>Impact:</strong> CAPEC-130 - Excessive Allocation</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532\">Read full topic</a></p>",
"published_at": "Thu, 19 Mar 2026 16:54:15 +0000",
"updated_at": "Thu, 19 Mar 2026 16:54:15 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Elastic Security Announcements RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1
}
}
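Review bot: `system_id: "kibana"` and `display_name: "Kibana"` misattribute this record: the title and summary are a Metricbeat advisory (ESA-2026-09, Prometheus `remote_write` HTTP handler, CWE-789), and the fix versions `8.19.13, 9.2.5` are Metricbeat releases. Because every Elastic Security Announcements RSS item is filed under the one system, Logstash, Elasticsearch and Beats advisories inflate the Kibana counts and will be matched against Kibana version ranges; route by the product named in the title or add a product field. The same extraction gap as the Logstash record applies: the summary carries `CVE-2026-26931`, the ranges `8.0.0` to `8.19.12` and `9.0.0` to `9.2.4`, and `CVSSv3.1: Medium ( 5.7 )`, yet `cve_ids` is `[]`, `cvss_score` is `null` and `severity` is `"unknown"`. `repro_profile_id: "xss-generic"` and `xss-output-encoding` are wrong for a memory-exhaustion DoS; the IOC section in the summary (OOM kills of the Metricbeat process, connections to the `remote_write` port from unexpected source IPs) is the material a detection-oriented profile would use instead.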

View file

@@ -0,0 +1,61 @@
{
"canonical_id": "kibana--844efe5dac",
"system_id": "kibana",
"display_name": "Kibana",
"category": "platforms",
"advisory_mode": "core",
"title": "Kibana 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-20)",
"summary": "<p><strong>Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service</strong></p>\n<p>Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.0.0 up to and including 8.19.12</li>\n<li>9.x:\n<ul>\n<li>All versions from 9.0.0 up to and including 9.2.6</li>\n<li>All versions from 9.3.0 up to and including 9.3.1</li>\n</ul>\n</li>\n</ul>\n<p><strong>Affected Configurations:</strong></p>\n<p>The Timelion visualization plugin (visTypeTimelion) is enabled by default in Kibana and is listed under \"Legacy editors\" in the documentation.</p>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.13, 9.2.7, 9.3.2.</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<p><strong>Self-hosted</strong><br>\nUsers can set this property in the Kibana config YAML file <code>vis_type_timelion.enabled: false</code></p>\n<p><strong>Cloud</strong><br>\nThere are no workaround</p>\n<p><strong>Indicators of Compromise (IOC)</strong></p>\n<p>Look for JavaScript heap out of memory or FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed errors in Kibana server logs, which indicate the Node.js process crashed due to memory exhaustion.</p>\n<p><strong>Elastic Cloud Serverless</strong></p>\n<p>Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.</p>\n<p><strong>Severity:</strong> CVSSv3.1: Medium ( 6.5 ) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H<br>\n<strong>CVE ID</strong>: 
CVE-2026-26940<br>\n<strong>Problem Type:</strong> CWE-1284 - Improper Validation of Specified Quantity in Input<br>\n<strong>Impact:</strong> CAPEC-130 - Excessive Allocation</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535\">Read full topic</a></p>",
"published_at": "Thu, 19 Mar 2026 16:59:58 +0000",
"updated_at": "Thu, 19 Mar 2026 16:59:58 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary",
"plugin-extension-trust-policy",
"dependency-upgrade-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Elastic Security Announcements RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1
}
}
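Review bot: this is the only one of the four full ESA records in this commit that actually concerns Kibana, and it still lands in `status: "triage"` for `missing affected/fixed version details` that the summary spells out: `8.0.0` up to and including `8.19.12`, `9.0.0` to `9.2.6`, `9.3.0` to `9.3.1`, resolved in `8.19.13, 9.2.7, 9.3.2`, `CVE-2026-26940`, `CVSSv3.1: Medium ( 6.5 )`. Populate `affected_versions`, `fixed_versions`, `cve_ids` and `cvss_score` from those lines so the record can move to `generated`. The self-hosted workaround `vis_type_timelion.enabled: false` and the log IOC (`FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed`) are useful case material, while the assigned `secure_code_topics` (`xss-output-encoding`, `proxy-trust-boundary`, `dependency-upgrade-policy`) do not describe an authenticated CWE-1284 quantity-validation DoS in the Timelion expression evaluator, and `repro_profile_id: "xss-generic"` should not be the default for every ESA item.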

View file

@@ -0,0 +1,62 @@
{
"canonical_id": "kibana--ca14c406d9",
"system_id": "kibana",
"display_name": "Kibana",
"category": "platforms",
"advisory_mode": "core",
"title": "Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)",
"summary": "<p><strong>Deserialization of Untrusted Data in Elasticsearch Leading to Remote Code Execution</strong></p>\n<p>Dependency on Vulnerable Third-Party Component (CWE-1395) exists in PyTorch used by the machine learning model loading component in Elasticsearch that can allow an attacker to achieve remote code execution via Object Injection (CAPEC-586). Exploitation requires an attacker to have high-privileged access (the <code>machine_learning_admin</code> role) to upload and deploy a specially crafted, malicious model to the Elasticsearch cluster that triggers known vulnerabilities CVE-2025-32434.</p>\n<p><strong>Affected Versions:</strong></p>\n<ul>\n<li>8.x: All versions from 8.0.0 up to and including 8.19.7</li>\n<li>9.x: All versions from 9.0.0 up to and including 9.1.7</li>\n<li>Versions 9.2.0+ were never affected</li>\n</ul>\n<p><strong>Affected Configurations:</strong></p>\n<p>The vulnerability affects Elasticsearch deployments that have ML nodes and where PyTorch-based NLP models can be uploaded and deployed.</p>\n<p><strong>Solutions and Mitigations:</strong></p>\n<p>The issue is resolved in version 8.19.8, 9.1.8.</p>\n<p><strong>For Users that Cannot Upgrade:</strong></p>\n<p>Ensure that only trusted users are granted the machine_learning_admin role. Revoke this role from any users who do not have a legitimate need to upload or manage ML models.</p>\n<p>Disable ML entirely: If ML functionality is not required, set xpack.ml.enabled: false in elasticsearch.yml on all nodes. Note that this disables all ML features, not just PyTorch model loading.</p>\n<p>Only use models from trusted sources: As stated in the official Elastic documentation: \"PyTorch models can execute code on your Elasticsearch server, exposing your cluster to potential security vulnerabilities. 
Only use models from trusted sources and never use models from unverified or unknown providers.\"</p>\n<p><strong>Elastic Cloud Serverless</strong></p>\n<p>Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.</p>\n<p><strong>Severity:</strong> CVSSv3.1: High ( 7.2 ) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H<br>\n<strong>CVE ID</strong>: CVE-2025-32434<br>\n<strong>Problem Type:</strong> CWE-502 - Deserialization of Untrusted Data<br>\n<strong>Impact:</strong> CAPEC-586 - Object Injection</p>\n <p><small>1 post - 1 participant</small></p>\n <p><a href=\"https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-security-update-esa-2026-18/385534\">Read full topic</a></p>",
"published_at": "Thu, 19 Mar 2026 16:59:18 +0000",
"updated_at": "Thu, 19 Mar 2026 16:59:18 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-security-update-esa-2026-18/385534",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary",
"file-upload-validation",
"dependency-upgrade-policy",
"deserialization-safety"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Elastic Security Announcements RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1
}
}
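Review bot: the CVE this record is about is `CVE-2025-32434` (the PyTorch deserialization issue reached through ML model loading), and the summary names it twice, yet `cve_ids`, `aliases` and `package_name` are empty and `severity` is `"unknown"` against a stated `CVSSv3.1: High ( 7.2 )` with vector `AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H`. Of the six `secure_code_topics`, `deserialization-safety`, `file-upload-validation` and `dependency-upgrade-policy` fit; `xss-output-encoding` and `proxy-trust-boundary` do not, and `repro_profile_id: "xss-generic"` is wrong for an RCE that requires the `machine_learning_admin` role to upload a crafted model. As with the Metricbeat record, `system_id: "kibana"` is a misfile for an Elasticsearch advisory. The summary also states "Versions 9.2.0+ were never affected"; the version extractor should recognise that "never affected" form so the 9.x range does not get a spurious upper bound.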

View file

@@ -0,0 +1,83 @@
{
"canonical_id": "mattermost--CVE-2026-22545",
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "Mattermost fails to validate user's authentication method when processing account auth type switch",
"summary": "Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID: MMSA-2026-00583",
"published_at": "2026-03-16T15:30:47Z",
"updated_at": "2026-03-19T19:31:20.982512Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22545",
"secondary_source_urls": [
"https://github.com/mattermost/mattermost/commit/ced9a56e3988fe9fd4559d45f9971dbd562e2218",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-22545",
"GHSA-rv67-7w2g-7976"
],
"cve_ids": [
"CVE-2026-22545"
],
"ghsa_ids": [
"GHSA-rv67-7w2g-7976"
],
"osv_ids": [
"GHSA-rv67-7w2g-7976"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988",
"introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1"
],
"fixed_versions": [
"8.0.0-20260127144908-ced9a56e3988",
"5.3.2-0.20260127144908-ced9a56e3988",
"10.11.11",
"11.2.3",
"11.3.1"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-22545.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Mattermost"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
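Review bot: `secure_code_topics` and `repro_profile_id: "xss-generic"` do not match the flaw in the summary (the auth-type switch is processed without validating the user's current authentication method, so an authenticated attacker can change the account password without confirmation). `authz-server-side-recheck` applies; `xss-output-encoding` and `token-cookie-storage` do not, and there is nothing for an XSS repro profile to exercise. `affected_versions` also mixes the product ranges (`introduced=10.11.0-rc1, fixed<10.11.11`, `introduced=11.2.0-rc1, fixed<11.2.3`, `introduced=11.3.0-rc1, fixed<11.3.1`) with two Go module pseudo-versions for `github.com/mattermost/mattermost-server` (`8.0.0-20260127144908-ced9a56e3988`, `5.3.2-0.20260127144908-ced9a56e3988`). Those are commit-based pseudo-versions, not releases; either drop them from `fixed_versions` or keep them under a separate field, because `introduced=0, fixed<8.0.0-...` reads as if every version before 8.0.0 were affected and fixed by a commit hash.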

View file

@@ -7,13 +7,14 @@
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
"summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.",
"published_at": "2026-03-17T15:29:48Z",
"updated_at": "2026-03-17T15:46:26.028580Z",
"updated_at": "2026-03-19T18:32:38.608475Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-27977",
"https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
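Review bot: the substantive change is the new `https://nvd.nist.gov/vuln/detail/CVE-2026-27977` entry in `secondary_source_urls`; the hunk does not show `aliases` or `cve_ids` being updated, so check that `CVE-2026-27977` was added there as well, otherwise the record stays reachable by GHSA id (`GHSA-jcc7-9wpm-mj36`) but not by CVE id. The same applies to the Server Actions (`CVE-2026-27978`) and `next-resume` (`CVE-2026-27979`) records below, which receive their NVD URLs in the same way.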

View file

@@ -7,13 +7,14 @@
"title": "Next.js: null origin can bypass Server Actions CSRF checks",
"summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.",
"published_at": "2026-03-17T15:30:14Z",
"updated_at": "2026-03-17T15:46:43.484729Z",
"updated_at": "2026-03-19T18:31:23.523529Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-27978",
"https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"

View file

@@ -7,13 +7,14 @@
"title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
"summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.",
"published_at": "2026-03-17T16:16:49Z",
"updated_at": "2026-03-17T16:31:34.160932Z",
"updated_at": "2026-03-19T18:48:06.587119Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-27979",
"https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"

View file

@@ -5,15 +5,16 @@
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
"summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
"summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. Note that this does not impact platforms that have their own image optimization capabilities, such as Vercel.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
"published_at": "2026-03-17T16:17:06Z",
"updated_at": "2026-03-17T16:31:33.597080Z",
"updated_at": "2026-03-19T18:47:09.413134Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-27980",
"https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
@@ -32,10 +33,12 @@
"GHSA-3x4c-7xq6-9pq8"
],
"affected_versions": [
"introduced=10.0.0, fixed<16.1.7"
"introduced=16.0.0-beta.0, fixed<16.1.7",
"introduced=10.0.0, fixed<15.5.14"
],
"fixed_versions": [
"16.1.7"
"16.1.7",
"15.5.14"
],
"package_name": "next",
"render_markdown": true,

View file

@@ -7,7 +7,7 @@
"title": "Next.js: HTTP request smuggling in rewrites",
"summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).",
"published_at": "2026-03-17T16:17:15Z",
"updated_at": "2026-03-18T22:02:16.858114Z",
"updated_at": "2026-03-19T17:59:01.302251Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
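Review bot: the `@@ -7,7 +7,7 @@` header shows the only change in this file is `updated_at` moving from `2026-03-18T22:02:16.858114Z` to `2026-03-19T17:59:01.302251Z` with no content change. Timestamp-only rewrites make the rolling diff noisy and bump `latest_update` in the framework index without anything having changed; consider updating `updated_at` only when some other field of the record differs from the stored copy.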

Diff content too large to display.

View file

@@ -3,10 +3,10 @@
"display_name": "Kibana",
"category": "platforms",
"tier": "rolling-24m",
"total": 41,
"total": 47,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"triage_count": 6,
"latest_update": "Thu, 19 Mar 2026 16:59:58 +0000",
"output_dir": "07-framework-security/platforms/kibana",
"secure_code_topics": [
"authz-server-side-recheck",
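Review bot: `triage_count` goes `0` to `6` while `markdown_cases` stays `0` and `manual_count` equals `total` (`47`), so all six additions are unverified manual items, and from the triage stubs in this commit four of them are Logstash, Packetbeat, Metricbeat and Elasticsearch advisories rather than Kibana ones; routing ESA items by product would keep this index honest. `latest_update` also switches format here to an RFC 2822 string (`Thu, 19 Mar 2026 16:59:58 +0000`) where the Next.js index uses ISO 8601 (`2026-03-19T18:48:06.587119Z`) and the Mattermost index has the literal `Fix Release Date`; normalise to ISO 8601 at ingest so the column is sortable.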
@@ -16,8 +16,14 @@
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 41,
"manual_count": 47,
"items": [
"kibana--844efe5dac",
"kibana--ca14c406d9",
"kibana--0fcd01159e",
"kibana--4d0ef3a07b",
"kibana--4bfdbe9da9",
"kibana--012933e759",
"kibana--02f2023a8a",
"kibana--082700f544",
"kibana--0e828e6029",

View file

@@ -3,8 +3,8 @@
"display_name": "Mattermost",
"category": "platforms",
"tier": "rolling-24m",
"total": 20,
"markdown_cases": 20,
"total": 21,
"markdown_cases": 21,
"triage_count": 0,
"latest_update": "Fix Release Date",
"output_dir": "07-framework-security/platforms/mattermost",
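Review bot: `latest_update: "Fix Release Date"` is a table column header from the Mattermost security-updates page, not a timestamp, and it is left untouched while the record being added in this commit carries `updated_at: 2026-03-19T19:31:20.982512Z`. The scraper is treating the header row as data; skip it and derive `latest_update` from the records' `updated_at` values.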
@@ -16,9 +16,10 @@
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 20,
"manual_count": 21,
"items": [
"mattermost--Issue Identifier",
"mattermost--CVE-2026-22545",
"mattermost--CVE-2026-4265",
"mattermost--MMSA-2026-00574",
"mattermost--MMSA-2026-00603",

View file

@@ -6,7 +6,7 @@
"total": 66,
"markdown_cases": 41,
"triage_count": 25,
"latest_update": "2026-03-18T22:02:16.858114Z",
"latest_update": "2026-03-19T18:48:06.587119Z",
"output_dir": "07-framework-security/frameworks/nextjs",
"secure_code_topics": [
"authz-server-side-recheck",

View file

@@ -0,0 +1,12 @@
{
"canonical_id": "kibana--012933e759",
"system_id": "kibana",
"title": "Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)",
"reasons": [
"missing affected/fixed version details"
],
"candidate_count": 1,
"references": [
"https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530"
]
}
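Review bot: the reason `missing affected/fixed version details` is mechanical here: the title itself, `Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)`, lists the fixed versions, and the ESA post body states the affected ranges in an "Affected Versions" list as the full records in this commit show. At minimum parse `fixed_versions` from the `<product> <v1>, <v2>, ... Security Update (ESA-...)` title pattern so these items do not all stall in triage.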

View file

@@ -0,0 +1,12 @@
{
"canonical_id": "kibana--0fcd01159e",
"system_id": "kibana",
"title": "Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-11)",
"reasons": [
"missing affected/fixed version details"
],
"candidate_count": 1,
"references": [
"https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533"
]
}
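Review bot: `system_id: "kibana"` for `Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-11)` is the same product misattribution as the Metricbeat and Elasticsearch records; a Packetbeat advisory filed under Kibana will be compared against Kibana versions and counted in the Kibana index.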

View file

@@ -0,0 +1,12 @@
{
"canonical_id": "kibana--4bfdbe9da9",
"system_id": "kibana",
"title": "Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06)",
"reasons": [
"missing affected/fixed version details"
],
"candidate_count": 1,
"references": [
"https://discuss.elastic.co/t/logstash-8-19-10-9-1-10-9-2-4-security-update-esa-2026-06/385531"
]
}

View file

@@ -0,0 +1,12 @@
{
"canonical_id": "kibana--4d0ef3a07b",
"system_id": "kibana",
"title": "Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)",
"reasons": [
"missing affected/fixed version details"
],
"candidate_count": 1,
"references": [
"https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532"
]
}

View file

@@ -0,0 +1,12 @@
{
"canonical_id": "kibana--844efe5dac",
"system_id": "kibana",
"title": "Kibana 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-20)",
"reasons": [
"missing affected/fixed version details"
],
"candidate_count": 1,
"references": [
"https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535"
]
}

View file

@@ -0,0 +1,12 @@
{
"canonical_id": "kibana--ca14c406d9",
"system_id": "kibana",
"title": "Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)",
"reasons": [
"missing affected/fixed version details"
],
"candidate_count": 1,
"references": [
"https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-security-update-esa-2026-18/385534"
]
}

View file

@@ -828,6 +828,9 @@ systems:
advisory_mode: core
keywords: [medusa]
max_items: 50
status: retired
retired_reason: OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Medusa]
- name: OSV Medusa
kind: osv-batch
confidence: official
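Review bot: `replacement_sources: [OSV Medusa]` checks out here because the `OSV Medusa` source (`kind: osv-batch`, `confidence: official`) follows directly in the context lines. The loader should enforce the same property generally: every name in `replacement_sources` must resolve to a defined, non-retired source, and `status: retired` should stop fetching without deleting records already ingested from the retired source.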
@@ -858,6 +861,9 @@ systems:
advisory_mode: core
keywords: [react]
max_items: 50
status: retired
retired_reason: OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV React]
- name: GHSA React
kind: ghsa-global
ecosystem: npm
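Review bot: `replacement_sources: [OSV React]` names a source that is not visible here; the next entry in context is `GHSA React` (`kind: ghsa-global`, `ecosystem: npm`), unlike the Medusa, Caddy, Traefik and Gitea hunks where the `OSV <system>` block immediately follows the retired one. Confirm that an `OSV React` source is defined elsewhere in the file, or point the replacement at `GHSA React`; a retired source whose replacement does not exist silently drops React coverage. The same check applies to the Next.js, Vue, Nuxt and Vite hunks below, each of which is followed by a GHSA block rather than an OSV one.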
@@ -899,6 +905,9 @@ systems:
advisory_mode: core
keywords: [next.js, next]
max_items: 50
status: retired
retired_reason: OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Next.js]
- name: GHSA Next.js
kind: ghsa-global
ecosystem: npm
@@ -938,6 +947,9 @@ systems:
advisory_mode: core
keywords: [vue]
max_items: 50
status: retired
retired_reason: OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Vue]
- name: GHSA Vue
kind: ghsa-global
ecosystem: npm
@@ -979,6 +991,9 @@ systems:
advisory_mode: core
keywords: [nuxt]
max_items: 50
status: retired
retired_reason: OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Nuxt]
- name: GHSA Nuxt
kind: ghsa-global
ecosystem: npm
@@ -1018,6 +1033,9 @@ systems:
advisory_mode: core
keywords: [vite]
max_items: 50
status: retired
retired_reason: OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Vite]
- name: GHSA Vite
kind: ghsa-global
ecosystem: npm
@@ -2024,6 +2042,9 @@ systems:
advisory_mode: server
keywords: [caddy]
max_items: 50
status: retired
retired_reason: OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Caddy]
- name: OSV Caddy
kind: osv-batch
confidence: official
@@ -2054,6 +2075,9 @@ systems:
advisory_mode: server
keywords: [traefik]
max_items: 50
status: retired
retired_reason: OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Traefik]
- name: OSV Traefik
kind: osv-batch
confidence: official
@@ -2198,6 +2222,9 @@ systems:
advisory_mode: core
keywords: [gitea]
max_items: 50
status: retired
retired_reason: OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Gitea]
- name: OSV Gitea
kind: osv-batch
confidence: official
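Review bot: the nine `retired_reason` strings in this file differ only in the product name ("OSV <system> is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost"). A short reason code (for example `superseded-by-osv`) with the prose kept once in documentation would make the retirements greppable and avoid the copy-paste drift that the mismatched `replacement_sources` in the React, Next.js, Vue, Nuxt and Vite hunks already show.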