Update: 114 files - 2026-03-19 16:45:07

This commit is contained in:
hao
2026-03-19 16:45:07 -07:00
parent 2e67bff9a7
commit 49fe46ab89
114 changed files with 6388 additions and 1023 deletions


@@ -87,7 +87,7 @@
<h1>当前架构库镜像</h1>
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
<pre>{
&quot;generated_at&quot;: &quot;2026-03-19T09:30:58+00:00&quot;,
&quot;generated_at&quot;: &quot;2026-03-19T23:44:56+00:00&quot;,
&quot;title&quot;: &quot;当前架构库&quot;,
&quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;,
&quot;sections&quot;: [
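Review bot: the only change in this hunk is `generated_at` inside the `<pre>` JSON of a generated mirror page, so every regeneration rewrites this file (and the `生成时间` field further down) even when no data moved. Consider keeping generated mirrors out of version control, or stamping the time at render, so that diffs to this page show only real data changes.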
@@ -119,7 +119,7 @@
},
{
&quot;label&quot;: &quot;当前漏洞条目&quot;,
&quot;value&quot;: &quot;2392&quot;
&quot;value&quot;: &quot;2399&quot;
}
],
&quot;fields&quot;: [
@@ -137,7 +137,7 @@
},
{
&quot;label&quot;: &quot;生成时间&quot;,
&quot;value&quot;: &quot;2026-03-19T09:30:58+00:00&quot;
&quot;value&quot;: &quot;2026-03-19T23:44:56+00:00&quot;
}
],
&quot;links&quot;: [
@@ -5975,7 +5975,7 @@
},
{
&quot;label&quot;: &quot;Advisory 数&quot;,
&quot;value&quot;: &quot;2392&quot;
&quot;value&quot;: &quot;2399&quot;
},
{
&quot;label&quot;: &quot;状态类型&quot;,
@@ -5994,7 +5994,7 @@
&quot;items&quot;: [
{
&quot;title&quot;: &quot;人工分诊&quot;,
&quot;summary&quot;: &quot;当前累计 2303 条。&quot;,
&quot;summary&quot;: &quot;当前累计 2310 条。&quot;,
&quot;open&quot;: false,
&quot;fields&quot;: [
{
@@ -6003,7 +6003,7 @@
},
{
&quot;label&quot;: &quot;数量&quot;,
&quot;value&quot;: &quot;2303&quot;
&quot;value&quot;: &quot;2310&quot;
}
]
},
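Review bot: `人工分诊` (manual triage) goes from 2303 to 2310, the same +7 as the advisory total (2392 to 2399) earlier in this file, so every advisory added in this run landed in manual triage. Please confirm that is expected for the new entries. The count is also carried twice, once inside the `summary` string and once as `value`, which can drift if the two are not rendered from one field.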


@@ -116,16 +116,16 @@
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `6` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 25 Feb 2026 14:00:00 +0000` |
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Joomla | `cms` | `history-full` | `yes` | `yes` | `100` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-03T01:03:51.193` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `41` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `47` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `6` | `Thu, 19 Mar 2026 16:59:58 +0000` |
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-26T23:36:36.294040Z` |
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:15:34.333730Z` |
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `89` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-20T01:37:25.860` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `20` | `20` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `21` | `21` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `70` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `Wed, 22 Oct 2025 21:44:43 +0000` |
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-18T22:02:16.858114Z` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-19T18:48:06.587119Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` |
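Review bot: the last column of the changed Mattermost row still holds the literal `Fix Release Date`, which reads like a scraped table header rather than a timestamp, and the changed Kibana row now carries an RFC 2822 date (`Thu, 19 Mar 2026 16:59:58 +0000`) while the changed Next.js row uses ISO 8601 with `Z`. Suggest parsing this field in the collector, normalizing it to one UTC ISO 8601 form, and emitting an empty value (or failing the source check) when the text is not a date, so freshness can be compared across systems.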


@@ -213,6 +213,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;caddy&quot;,
&quot;display_name&quot;: &quot;Caddy&quot;,
&quot;source_name&quot;: &quot;GitHub Caddy Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Caddy&quot;
],
&quot;url&quot;: &quot;https://github.com/caddyserver/caddy/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;discourse&quot;,
&quot;display_name&quot;: &quot;Discourse&quot;,
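Review bot: `replacement_sources` for this retired entry lists only `OSV Caddy`, and the stated reason is cost (`duplicate cold-start cost`), not coverage. Before retiring the project's own advisories page at `caddyserver/caddy/security/advisories`, record a check that each advisory listed there has a matching OSV record; nothing in this entry shows the two were compared. The same applies to the other entries added in this file, which use the identical reason text.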
@@ -350,6 +362,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;gitea&quot;,
&quot;display_name&quot;: &quot;Gitea&quot;,
&quot;source_name&quot;: &quot;GitHub Gitea Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Gitea&quot;
],
&quot;url&quot;: &quot;https://github.com/go-gitea/gitea/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;gitlab-ce&quot;,
&quot;display_name&quot;: &quot;GitLab CE&quot;,
@@ -562,6 +586,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;medusa&quot;,
&quot;display_name&quot;: &quot;Medusa&quot;,
&quot;source_name&quot;: &quot;GitHub Medusa Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Medusa&quot;
],
&quot;url&quot;: &quot;https://github.com/medusajs/medusa/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;moodle&quot;,
&quot;display_name&quot;: &quot;Moodle&quot;,
@@ -623,6 +659,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;nextjs&quot;,
&quot;display_name&quot;: &quot;Next.js&quot;,
&quot;source_name&quot;: &quot;GitHub Next.js Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Next.js&quot;
],
&quot;url&quot;: &quot;https://github.com/vercel/next.js/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;nginx&quot;,
&quot;display_name&quot;: &quot;Nginx&quot;,
@@ -649,6 +697,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;nuxt&quot;,
&quot;display_name&quot;: &quot;Nuxt&quot;,
&quot;source_name&quot;: &quot;Nuxt Security&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Nuxt&quot;
],
&quot;url&quot;: &quot;https://github.com/nuxt/nuxt/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;opencart&quot;,
&quot;display_name&quot;: &quot;OpenCart&quot;,
@@ -739,6 +799,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;react&quot;,
&quot;display_name&quot;: &quot;React&quot;,
&quot;source_name&quot;: &quot;GitHub React Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV React&quot;
],
&quot;url&quot;: &quot;https://github.com/facebook/react/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;redmine&quot;,
&quot;display_name&quot;: &quot;Redmine&quot;,
@@ -840,6 +912,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;traefik&quot;,
&quot;display_name&quot;: &quot;Traefik&quot;,
&quot;source_name&quot;: &quot;GitHub Traefik Advisories&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Traefik&quot;
],
&quot;url&quot;: &quot;https://github.com/traefik/traefik/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;undici&quot;,
&quot;display_name&quot;: &quot;Undici&quot;,
@@ -877,6 +961,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;vite&quot;,
&quot;display_name&quot;: &quot;Vite&quot;,
&quot;source_name&quot;: &quot;Vite Security&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Vite&quot;
],
&quot;url&quot;: &quot;https://github.com/vitejs/vite/security/advisories&quot;
},
{
&quot;system_id&quot;: &quot;vue&quot;,
&quot;display_name&quot;: &quot;Vue&quot;,
@@ -890,6 +986,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;vue&quot;,
&quot;display_name&quot;: &quot;Vue&quot;,
&quot;source_name&quot;: &quot;Vue Security&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Vue&quot;
],
&quot;url&quot;: &quot;https://github.com/vuejs/core/security&quot;
},
{
&quot;system_id&quot;: &quot;webpack&quot;,
&quot;display_name&quot;: &quot;webpack&quot;,
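Review bot: the `url` in the added `Vue Security` entry is `https://github.com/vuejs/core/security`, while every other entry added in this file ends in `/security/advisories`. If the `html-links` collector was pointed at the security overview page rather than the advisories list, that is a different reason for retirement than the duplicate-cost text in `retired_reason`. Please confirm the URL and correct either it or the reason.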


@@ -88,11 +88,11 @@
<div class="meta">工作台内置镜像页active/retired source、replacement map 与覆盖摘要。</div>
<pre># Source Catalog Audit
- generated_at: `2026-03-19T09:30:54+00:00`
- generated_at: `2026-03-19T23:44:51+00:00`
- systems: `62`
- sources: `179`
- active_sources: `110`
- retired_sources: `69`
- active_sources: `101`
- retired_sources: `78`
- systems_with_active_official: `61/62`
- systems_with_machine_readable_source: `61/62`
@@ -108,6 +108,7 @@
- `apache-tomcat` `NVD Tomcat` -&gt; replacements: `Apache Tomcat Security, CISA KEV Tomcat` | reason: Official Tomcat advisories page plus CISA KEV are sufficient active sources for daily monitoring.
- `aspnet-core` `NVD ASP.NET Core` -&gt; replacements: `OSV ASP.NET Core` | reason: OSV ASP.NET Core provides machine-readable NuGet-aligned coverage with lower latency than NVD public search.
- `astro` `GitHub Global Advisories` -&gt; replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
- `caddy` `GitHub Caddy Advisories` -&gt; replacements: `OSV Caddy` | reason: OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `discourse` `Discourse Meta Security` -&gt; replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
- `discourse` `GitHub Discourse Advisories` -&gt; replacements: `Discourse Release Notes RSS, Discourse Security RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
- `django` `Django Security RSS` -&gt; replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
@@ -119,6 +120,7 @@
- `fastify` `GitHub Global Advisories` -&gt; replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
- `flask` `GitHub Global Advisories` -&gt; replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
- `ghost` `NVD Ghost` -&gt; replacements: `Ghost GitHub Advisories, OSV Ghost` | reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
- `gitea` `GitHub Gitea Advisories` -&gt; replacements: `OSV Gitea` | reason: OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `gitlab-ce` `GitLab Security Releases` -&gt; replacements: `GitLab Security Releases Atom` | reason: GitLab Security Releases Atom is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.
- `gitlab-ce` `NVD GitLab` -&gt; replacements: `GitLab Security Releases, GitLab Security Releases Atom` | reason: GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.
- `hapi` `GitHub Global Advisories` -&gt; replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
@@ -136,13 +138,16 @@
- `mattermost` `NVD Mattermost` -&gt; replacements: `Mattermost Security Updates JSON, OSV Mattermost` | reason: Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.
- `mediawiki` `MediaWiki Security Releases` -&gt; replacements: `MediaWiki Announce RSS, NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
- `mediawiki` `NVD MediaWiki` -&gt; replacements: `MediaWiki Announce RSS, OSV MediaWiki` | reason: MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.
- `medusa` `GitHub Medusa Advisories` -&gt; replacements: `OSV Medusa` | reason: OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `moodle` `Moodle Security News` -&gt; replacements: `NVD Moodle` | reason: Security page is reachable with a browser-style UA, but the current markup only exposes generic &quot;Discuss this topic&quot; anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.
- `moodle` `NVD Moodle` -&gt; replacements: `OSV Moodle` | reason: OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.
- `nestjs` `GitHub Global Advisories` -&gt; replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
- `nestjs` `NVD NestJS` -&gt; replacements: `OSV NestJS` | reason: OSV NestJS replaces NVD public search for lower-latency machine-readable collection.
- `nextjs` `GitHub Global Advisories` -&gt; replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
- `nextjs` `GitHub Next.js Advisories` -&gt; replacements: `OSV Next.js` | reason: OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `nginx` `NVD NGINX` -&gt; replacements: `NGINX Security Advisories, CISA KEV NGINX` | reason: Official NGINX advisories page and CISA KEV together provide the needed daily signal without NVD public-search latency.
- `nuxt` `GitHub Global Advisories` -&gt; replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
- `nuxt` `Nuxt Security` -&gt; replacements: `OSV Nuxt` | reason: OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `opencart` `NVD OpenCart` -&gt; replacements: `OpenCart Releases, OSV OpenCart` | reason: OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.
- `openmage` `NVD OpenMage` -&gt; replacements: `OpenMage GitHub Advisories, OSV OpenMage` | reason: OSV OpenMage replaces NVD for machine-readable composer-aligned collection.
- `phpmyadmin` `NVD phpMyAdmin` -&gt; replacements: `phpMyAdmin Security Page, OSV phpMyAdmin` | reason: OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.
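Review bot: the added `nextjs` `GitHub Next.js Advisories` and `nuxt` `Nuxt Security` lines retire sources that the unchanged lines directly above them still name as replacements. The `nextjs` `GitHub Global Advisories` entry lists `GitHub Next.js Advisories, OSV Next.js` and says both `remain active replacements`, and the `nuxt` entry does the same with `Nuxt Security`. The replacement map now points at retired sources and the reason text is stale. Update those earlier entries to the OSV source only, and consider a catalog check that rejects any replacement whose target is itself retired; the `react`, `vite` and `vue` lines in the following hunks have the same pattern.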
@@ -150,6 +155,7 @@
- `rails` `GitHub Global Advisories` -&gt; replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
- `rails` `NVD Ruby on Rails` -&gt; replacements: `OSV Rails` | reason: OSV Rails replaces NVD public search for lower-latency machine-readable collection.
- `react` `GitHub Global Advisories` -&gt; replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
- `react` `GitHub React Advisories` -&gt; replacements: `OSV React` | reason: OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `redmine` `NVD Redmine` -&gt; replacements: `Redmine Security Advisories` | reason: Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.
- `saleor` `NVD Saleor` -&gt; replacements: `GitHub Saleor Advisories, OSV Saleor` | reason: OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.
- `shopware` `NVD Shopware` -&gt; replacements: `Shopware Security Advisories, OSV Shopware` | reason: OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.
@@ -158,10 +164,13 @@
- `spring-security` `GitHub Global Advisories` -&gt; replacements: `Spring Security Advisories, OSV Spring Security` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
- `sveltekit` `GitHub Global Advisories` -&gt; replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
- `symfony` `GitHub Global Advisories` -&gt; replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
- `traefik` `GitHub Traefik Advisories` -&gt; replacements: `OSV Traefik` | reason: OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `undici` `GitHub Global Advisories` -&gt; replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
- `undici` `NVD Undici` -&gt; replacements: `OSV Undici` | reason: OSV Undici replaces NVD public search for lower-latency machine-readable collection.
- `vite` `GitHub Global Advisories` -&gt; replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
- `vite` `Vite Security` -&gt; replacements: `OSV Vite` | reason: OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `vue` `GitHub Global Advisories` -&gt; replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
- `vue` `Vue Security` -&gt; replacements: `OSV Vue` | reason: OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
- `webpack` `GitHub Global Advisories` -&gt; replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
- `webpack` `NVD webpack` -&gt; replacements: `OSV webpack` | reason: OSV webpack replaces NVD public search for lower-latency machine-readable collection.
- `werkzeug` `GitHub Global Advisories` -&gt; replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.


@@ -916,6 +916,9 @@ systems:
advisory_mode: core
keywords: [medusa]
max_items: 50
status: retired
retired_reason: OSV Medusa is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Medusa]
- name: OSV Medusa
kind: osv-batch
confidence: official
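Review bot: the source that takes over here, `OSV Medusa`, is declared `kind: osv-batch` with `confidence: official`, and the added `retired_reason` also calls it the official replacement. OSV is an aggregated database, not the Medusa project's own channel, so with this labelling `systems_with_active_official` in the audit stays at `61/62` even though `active_sources` drops from `110` to `101` in this commit. Consider a separate confidence value for aggregators so that metric still reports when a system has no project-origin source left.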
@@ -946,6 +949,9 @@ systems:
advisory_mode: core
keywords: [react]
max_items: 50
status: retired
retired_reason: OSV React is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV React]
- name: GHSA React
kind: ghsa-global
ecosystem: npm
@@ -987,6 +993,9 @@ systems:
advisory_mode: core
keywords: [next.js, next]
max_items: 50
status: retired
retired_reason: OSV Next.js is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Next.js]
- name: GHSA Next.js
kind: ghsa-global
ecosystem: npm
@@ -1026,6 +1035,9 @@ systems:
advisory_mode: core
keywords: [vue]
max_items: 50
status: retired
retired_reason: OSV Vue is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Vue]
- name: GHSA Vue
kind: ghsa-global
ecosystem: npm
@@ -1067,6 +1079,9 @@ systems:
advisory_mode: core
keywords: [nuxt]
max_items: 50
status: retired
retired_reason: OSV Nuxt is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Nuxt]
- name: GHSA Nuxt
kind: ghsa-global
ecosystem: npm
@@ -1106,6 +1121,9 @@ systems:
advisory_mode: core
keywords: [vite]
max_items: 50
status: retired
retired_reason: OSV Vite is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Vite]
- name: GHSA Vite
kind: ghsa-global
ecosystem: npm
@@ -2112,6 +2130,9 @@ systems:
advisory_mode: server
keywords: [caddy]
max_items: 50
status: retired
retired_reason: OSV Caddy is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Caddy]
- name: OSV Caddy
kind: osv-batch
confidence: official
@@ -2142,6 +2163,9 @@ systems:
advisory_mode: server
keywords: [traefik]
max_items: 50
status: retired
retired_reason: OSV Traefik is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Traefik]
- name: OSV Traefik
kind: osv-batch
confidence: official
@@ -2286,6 +2310,9 @@ systems:
advisory_mode: core
keywords: [gitea]
max_items: 50
status: retired
retired_reason: OSV Gitea is the active official machine-readable replacement; keeping GitHub HTML advisories active adds duplicate cold-start cost.
replacement_sources: [OSV Gitea]
- name: OSV Gitea
kind: osv-batch
confidence: official


@@ -88,15 +88,15 @@
<div class="meta">工作台内置镜像页89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
<pre># 全库 Advisory 完整度报告
- 生成时间: `2026-03-19T09:30:58+00:00`
- 生成时间: `2026-03-19T23:44:56+00:00`
- 最新 advisory 完整度: `89/89` `verified-real`
- 合成验证数量: `0`
- 阻塞数量: `0`
- 人工/待补证据数量: `0`
- 完整度百分比: `100.0%`
- active source 全绿: `110/110`
- active source 全绿: `101/101`
- source open alerts: `0`
- 最近一次 source 全绿: `2026-03-19T09:30:54+00:00`
- 最近一次 source 全绿: `2026-03-19T23:44:51+00:00`
## 系统覆盖矩阵
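Review bot: `active source 全绿` stays at 100% (`110/110` to `101/101`) because retired sources leave the denominator, so this line cannot distinguish a healthier collector from a smaller one. Suggest printing the retired count and the number of systems left with a single active source next to it, so the reduction in coverage is visible in the same report.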
@@ -118,8 +118,8 @@
## Ingest / Source 健康度
- source failures: `0`
- active sources: `110`
- green sources: `110`
- active sources: `101`
- green sources: `101`
- open alerts: `0`
## 剩余风险说明