diff --git a/07-framework-security/cms/directus/INDEX.md b/07-framework-security/cms/directus/INDEX.md
index 4742bd79..d38f2930 100644
--- a/07-framework-security/cms/directus/INDEX.md
+++ b/07-framework-security/cms/directus/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/discourse/INDEX.md b/07-framework-security/cms/discourse/INDEX.md
index 3ad38568..19820b8c 100644
--- a/07-framework-security/cms/discourse/INDEX.md
+++ b/07-framework-security/cms/discourse/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/drupal/INDEX.md b/07-framework-security/cms/drupal/INDEX.md
index 7d80c310..c235b9e5 100644
--- a/07-framework-security/cms/drupal/INDEX.md
+++ b/07-framework-security/cms/drupal/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/ghost/INDEX.md b/07-framework-security/cms/ghost/INDEX.md
index 21dc3b69..c5c22aa2 100644
--- a/07-framework-security/cms/ghost/INDEX.md
+++ b/07-framework-security/cms/ghost/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/joomla/INDEX.md b/07-framework-security/cms/joomla/INDEX.md
index 592bfbc3..a44221b2 100644
--- a/07-framework-security/cms/joomla/INDEX.md
+++ b/07-framework-security/cms/joomla/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/mediawiki/INDEX.md b/07-framework-security/cms/mediawiki/INDEX.md
index e4164a0b..c4d7b074 100644
--- a/07-framework-security/cms/mediawiki/INDEX.md
+++ b/07-framework-security/cms/mediawiki/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/moodle/INDEX.md b/07-framework-security/cms/moodle/INDEX.md
index 44eded2d..798253b0 100644
--- a/07-framework-security/cms/moodle/INDEX.md
+++ b/07-framework-security/cms/moodle/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/strapi/INDEX.md b/07-framework-security/cms/strapi/INDEX.md
index 2d12ac1f..321c0a99 100644
--- a/07-framework-security/cms/strapi/INDEX.md
+++ b/07-framework-security/cms/strapi/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/cms/wordpress/INDEX.md b/07-framework-security/cms/wordpress/INDEX.md
index 232fefc2..e5faae0a 100644
--- a/07-framework-security/cms/wordpress/INDEX.md
+++ b/07-framework-security/cms/wordpress/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/adobe-commerce/INDEX.md b/07-framework-security/ecommerce/adobe-commerce/INDEX.md
index 3bb2900b..a10debfe 100644
--- a/07-framework-security/ecommerce/adobe-commerce/INDEX.md
+++ b/07-framework-security/ecommerce/adobe-commerce/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/magento-open-source/INDEX.md b/07-framework-security/ecommerce/magento-open-source/INDEX.md
index 949c2644..c89244b2 100644
--- a/07-framework-security/ecommerce/magento-open-source/INDEX.md
+++ b/07-framework-security/ecommerce/magento-open-source/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/medusa/INDEX.md b/07-framework-security/ecommerce/medusa/INDEX.md
index 4ea80da6..4485a9d1 100644
--- a/07-framework-security/ecommerce/medusa/INDEX.md
+++ b/07-framework-security/ecommerce/medusa/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/opencart/INDEX.md b/07-framework-security/ecommerce/opencart/INDEX.md
index 2aa32447..051918b5 100644
--- a/07-framework-security/ecommerce/opencart/INDEX.md
+++ b/07-framework-security/ecommerce/opencart/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/openmage/INDEX.md b/07-framework-security/ecommerce/openmage/INDEX.md
index 3d7f293e..0b327dbf 100644
--- a/07-framework-security/ecommerce/openmage/INDEX.md
+++ b/07-framework-security/ecommerce/openmage/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/prestashop/INDEX.md b/07-framework-security/ecommerce/prestashop/INDEX.md
index 79fa978c..9000a92e 100644
--- a/07-framework-security/ecommerce/prestashop/INDEX.md
+++ b/07-framework-security/ecommerce/prestashop/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/saleor/INDEX.md b/07-framework-security/ecommerce/saleor/INDEX.md
index 120c41a6..2dbfc323 100644
--- a/07-framework-security/ecommerce/saleor/INDEX.md
+++ b/07-framework-security/ecommerce/saleor/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/shopware/INDEX.md b/07-framework-security/ecommerce/shopware/INDEX.md
index 77134295..22ebdf2d 100644
--- a/07-framework-security/ecommerce/shopware/INDEX.md
+++ b/07-framework-security/ecommerce/shopware/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/ecommerce/woocommerce/INDEX.md b/07-framework-security/ecommerce/woocommerce/INDEX.md
index 075ec53d..a97fb38f 100644
--- a/07-framework-security/ecommerce/woocommerce/INDEX.md
+++ b/07-framework-security/ecommerce/woocommerce/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/angular/INDEX.md b/07-framework-security/frameworks/angular/INDEX.md
index de85b6f3..255c6a14 100644
--- a/07-framework-security/frameworks/angular/INDEX.md
+++ b/07-framework-security/frameworks/angular/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:09+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/aspnet-core/INDEX.md b/07-framework-security/frameworks/aspnet-core/INDEX.md
index d5a283f2..273efa93 100644
--- a/07-framework-security/frameworks/aspnet-core/INDEX.md
+++ b/07-framework-security/frameworks/aspnet-core/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/astro/INDEX.md b/07-framework-security/frameworks/astro/INDEX.md
index 572de80f..ac5fb623 100644
--- a/07-framework-security/frameworks/astro/INDEX.md
+++ b/07-framework-security/frameworks/astro/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:09+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/django/INDEX.md b/07-framework-security/frameworks/django/INDEX.md
index 84ca5425..abfa2b0f 100644
--- a/07-framework-security/frameworks/django/INDEX.md
+++ b/07-framework-security/frameworks/django/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/echo/INDEX.md b/07-framework-security/frameworks/echo/INDEX.md
index dcc4d1d8..b92dcdff 100644
--- a/07-framework-security/frameworks/echo/INDEX.md
+++ b/07-framework-security/frameworks/echo/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/esbuild/INDEX.md b/07-framework-security/frameworks/esbuild/INDEX.md
index 3b1b724c..cbb0de3b 100644
--- a/07-framework-security/frameworks/esbuild/INDEX.md
+++ b/07-framework-security/frameworks/esbuild/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/express/INDEX.md b/07-framework-security/frameworks/express/INDEX.md
index b9a95dc0..f57ca45d 100644
--- a/07-framework-security/frameworks/express/INDEX.md
+++ b/07-framework-security/frameworks/express/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:09+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/fastify/INDEX.md b/07-framework-security/frameworks/fastify/INDEX.md
index 328a6541..5a049189 100644
--- a/07-framework-security/frameworks/fastify/INDEX.md
+++ b/07-framework-security/frameworks/fastify/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:09+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/flask/INDEX.md b/07-framework-security/frameworks/flask/INDEX.md
index 2fd983ec..e84ee3e1 100644
--- a/07-framework-security/frameworks/flask/INDEX.md
+++ b/07-framework-security/frameworks/flask/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/gin/INDEX.md b/07-framework-security/frameworks/gin/INDEX.md
index 63072b5a..36fb0dd2 100644
--- a/07-framework-security/frameworks/gin/INDEX.md
+++ b/07-framework-security/frameworks/gin/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/hapi/INDEX.md b/07-framework-security/frameworks/hapi/INDEX.md
index 385368cc..1a5aae4b 100644
--- a/07-framework-security/frameworks/hapi/INDEX.md
+++ b/07-framework-security/frameworks/hapi/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:09+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/koa/INDEX.md b/07-framework-security/frameworks/koa/INDEX.md
index 96674f38..e95d5c4b 100644
--- a/07-framework-security/frameworks/koa/INDEX.md
+++ b/07-framework-security/frameworks/koa/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:09+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/laravel/INDEX.md b/07-framework-security/frameworks/laravel/INDEX.md
index e750bfec..d61d1276 100644
--- a/07-framework-security/frameworks/laravel/INDEX.md
+++ b/07-framework-security/frameworks/laravel/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/nestjs/INDEX.md b/07-framework-security/frameworks/nestjs/INDEX.md
index 2da00e8f..51decc0a 100644
--- a/07-framework-security/frameworks/nestjs/INDEX.md
+++ b/07-framework-security/frameworks/nestjs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:09+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/nextjs/INDEX.md b/07-framework-security/frameworks/nextjs/INDEX.md
index 89b372cd..f8888122 100644
--- a/07-framework-security/frameworks/nextjs/INDEX.md
+++ b/07-framework-security/frameworks/nextjs/INDEX.md
@@ -5,14 +5,14 @@
 - 系统 ID: `nextjs`
 - 分类: `frameworks`
 - 覆盖策略: `history-full`
-- 总案例数: `26`
+- 总案例数: `5`
 - 近 30 天新增/更新: `5`
-- 重点 Markdown 案例数: `26`
-- 已实证(真实版本): `26`
+- 重点 Markdown 案例数: `5`
+- 已实证(真实版本): `0`
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
-- 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:08+00:00`
+- 待人工/缺浏览器证据: `5`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
@@ -32,29 +32,8 @@
 | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
 |------|--------|----------|----------|----------|------------|----------|--------|
-| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
-| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
-| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
-| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) |
-| Next Server Actions Source Code Exposure | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) |
-| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) |
-| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) |
-| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) |
-| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) |
-| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) |
-| Next.JS vulnerability can lead to DoS via cache poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) |
-| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) |
-| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `verified-real` | `real` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
-| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
-| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `verified-real` | `real` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
-| Authorization Bypass in Next.js Middleware | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
-| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
-| Next.js authorization bypass vulnerability | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
-| Denial of Service condition in Next.js image optimization | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
-| Next.js Cache Poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
-| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
-| Unexpected server crash in Next.js. | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
-| XSS in Image Optimization API for Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
-| Open Redirect in Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
-| Open Redirect in Next.js versions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
-| Directory Traversal in Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |
+| Next.js: HTTP request smuggling in rewrites | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:26.646070Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md) |
+| Next.js: Unbounded next/image disk cache growth can exhaust storage | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:33.597080Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md) |
+| Next.js: Unbounded postponed resume buffering can lead to DoS | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:34.160932Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md) |
+| Next.js: null origin can bypass Server Actions CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:43.484729Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md) |
+| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:26.028580Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md
new file mode 100644
index 00000000..09cf7bec
--- /dev/null
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md
@@ -0,0 +1,96 @@
+---
+title: "Next.js: null origin can bypass dev HMR websocket CSRF checks"
+system_id: "nextjs"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-03-17T15:29:48Z"
+updated_date: "2026-03-17T15:46:26.028580Z"
+severity: "medium"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "official-source"
+last_run_id: ""
+target_types:
+ - "lab-local"
+ - "lab-public"
+ - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+ - "CVE-2026-27977"
+ - "GHSA-jcc7-9wpm-mj36"
+affected_versions:
+ - "introduced=16.0.1, fixed<16.1.7"
+fixed_versions:
+ - "16.1.7"
+secure_code_topics:
+ - "authz-server-side-recheck"
+ - "proxy-trust-boundary"
+ - "token-cookie-storage"
+primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36"
+---
+
+# Next.js: null origin can bypass dev HMR websocket CSRF checks
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `official-source`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `nextjs--CVE-2026-27977`
+- 系统: `nextjs`
+- 严重度: `medium`
+- 来源置信度: `official`
+- 官方主源: https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36
+- 影响版本: `introduced=16.0.1, fixed<16.1.7`
+- 修复版本: `16.1.7`
+
+## 其他来源
+
+- https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a
+- https://github.com/vercel/next.js
+- https://github.com/vercel/next.js/releases/tag/v16.1.7
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标,但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
+- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
+- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
+- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
+- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
+- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
+- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
+- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
+- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
+- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
+- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
+- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
+- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
+- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
+- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md
new file mode 100644
index 00000000..0aaa6be4
--- /dev/null
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md
@@ -0,0 +1,96 @@
+---
+title: "Next.js: null origin can bypass Server Actions CSRF checks"
+system_id: "nextjs"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-03-17T15:30:14Z"
+updated_date: "2026-03-17T15:46:43.484729Z"
+severity: "medium"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "official-source"
+last_run_id: ""
+target_types:
+ - "lab-local"
+ - "lab-public"
+ - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+ - "CVE-2026-27978"
+ - "GHSA-mq59-m269-xvcx"
+affected_versions:
+ - "introduced=16.0.1, fixed<16.1.7"
+fixed_versions:
+ - "16.1.7"
+secure_code_topics:
+ - "authz-server-side-recheck"
+ - "proxy-trust-boundary"
+ - "token-cookie-storage"
+primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx"
+---
+
+# Next.js: null origin can bypass Server Actions CSRF checks
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `official-source`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `nextjs--CVE-2026-27978`
+- 系统: `nextjs`
+- 严重度: `medium`
+- 来源置信度: `official`
+- 官方主源: https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx
+- 影响版本: `introduced=16.0.1, fixed<16.1.7`
+- 修复版本: `16.1.7`
+
+## 其他来源
+
+- https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8
+- https://github.com/vercel/next.js
+- https://github.com/vercel/next.js/releases/tag/v16.1.7
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标,但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
+- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
+- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
+- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
+- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
+- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
+- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
+- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
+- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
+- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
+- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
+- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
+- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
+- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
+- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md
new file mode 100644
index 00000000..ce693495
--- /dev/null
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md
@@ -0,0 +1,96 @@
+---
+title: "Next.js: Unbounded postponed resume buffering can lead to DoS"
+system_id: "nextjs"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-03-17T16:16:49Z"
+updated_date: "2026-03-17T16:31:34.160932Z"
+severity: "medium"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "official-source"
+last_run_id: ""
+target_types:
+ - "lab-local"
+ - "lab-public"
+ - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+ - "CVE-2026-27979"
+ - "GHSA-h27x-g6w4-24gq"
+affected_versions:
+ - "introduced=16.0.1, fixed<16.1.7"
+fixed_versions:
+ - "16.1.7"
+secure_code_topics:
+ - "authz-server-side-recheck"
+ - "proxy-trust-boundary"
+ - "token-cookie-storage"
+primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq"
+---
+
+# Next.js: Unbounded postponed resume buffering can lead to DoS
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `official-source`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `nextjs--CVE-2026-27979`
+- 系统: `nextjs`
+- 严重度: `medium`
+- 来源置信度: `official`
+- 官方主源: https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq
+- 影响版本: `introduced=16.0.1, fixed<16.1.7`
+- 修复版本: `16.1.7`
+
+## 其他来源
+
+- https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1
+- https://github.com/vercel/next.js
+- https://github.com/vercel/next.js/releases/tag/v16.1.7
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标,但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
+- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
+- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
+- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
+- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
+- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
+- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
+- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
+- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
+- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
+- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
+- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
+- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
+- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
+- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md
new file mode 100644
index 00000000..a9bf3d87
--- /dev/null
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md
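Review bot: The `secure_code_topics` in the front matter — `authz-server-side-recheck`, `proxy-trust-boundary`, `token-cookie-storage` — do not match the defect the title records (unbounded buffering while resuming postponed rendering, i.e. memory exhaustion), so all 24 links under 修复示例 point at authorization, proxy-trust and cookie-storage guidance and none at bounding buffers or capping per-request resources; a reader looking for the fix pattern gets nothing relevant. The sibling CVE-2026-29057 case in this same diff shows the generator can emit `dependency-upgrade-policy`, and since the only remediation this page records is `fixed_versions: 16.1.7`, that topic at least should be present (`  - "dependency-upgrade-policy"` under `secure_code_topics:`). The 实验层 keeps the template's `受控注入` wording, but for a memory-exhaustion bug a controlled payload against a shared host is not the reversible test that `minimal_validation` promises; I would add a bullet stating that anything beyond confirming the installed `next` version (`< 16.1.7` in the lockfile) is `lab-local` only.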
@@ -0,0 +1,96 @@
+---
+title: "Next.js: Unbounded next/image disk cache growth can exhaust storage"
+system_id: "nextjs"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-03-17T16:17:06Z"
+updated_date: "2026-03-17T16:31:33.597080Z"
+severity: "medium"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "official-source"
+last_run_id: ""
+target_types:
+ - "lab-local"
+ - "lab-public"
+ - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+ - "CVE-2026-27980"
+ - "GHSA-3x4c-7xq6-9pq8"
+affected_versions:
+ - "introduced=10.0.0, fixed<16.1.7"
+fixed_versions:
+ - "16.1.7"
+secure_code_topics:
+ - "authz-server-side-recheck"
+ - "proxy-trust-boundary"
+ - "token-cookie-storage"
+primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8"
+---
+
+# Next.js: Unbounded next/image disk cache growth can exhaust storage
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `official-source`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `nextjs--CVE-2026-27980`
+- 系统: `nextjs`
+- 严重度: `medium`
+- 来源置信度: `official`
+- 官方主源: https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8
+- 影响版本: `introduced=10.0.0, fixed<16.1.7`
+- 修复版本: `16.1.7`
+
+## 其他来源
+
+- https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd
+- https://github.com/vercel/next.js
+- https://github.com/vercel/next.js/releases/tag/v16.1.7
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标,但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
+- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
+- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
+- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
+- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
+- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
+- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
+- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
+- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
+- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
+- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
+- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
+- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
+- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
+- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md
new file mode 100644
index 00000000..80f48200
--- /dev/null
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md
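Review bot: `minimal_validation: "read-only probe, controlled payload, reversible test"` is contradicted by the advisory this page describes: a request that exercises `next/image` cache growth writes into the target's image-cache directory and consumes its storage, so it is neither read-only nor reversible without operator access, and the 实验层 should state that the only acceptable probe against a `lab-public` or `authorized-third-party` target is a version check, with cache-growth reproduction confined to `lab-local`. The `secure_code_topics` (authz, proxy trust, cookie storage) have no bearing on storage exhaustion, whereas `dependency-upgrade-policy`, carried by the CVE-2026-29057 case below, is the one topic that matches the recorded fix (`fixed_versions: 16.1.7`); as written the 修复示例 block is noise for this CVE. Note also that `introduced=10.0.0, fixed<16.1.7` spans every major from 10 to 16 but lists a single fixed line, while the smuggling advisory has a 15.5.13 backport — whether 15.x is affected and whether a 15.x fix exists is not stated here and should be confirmed against GHSA-3x4c-7xq6-9pq8 before `verification_status` moves past `triage-manual`.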
@@ -0,0 +1,117 @@
+---
+title: "Next.js: HTTP request smuggling in rewrites"
+system_id: "nextjs"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-03-17T16:17:15Z"
+updated_date: "2026-03-17T16:31:26.646070Z"
+severity: "medium"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "official-source"
+last_run_id: ""
+target_types:
+ - "lab-local"
+ - "lab-public"
+ - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+ - "CVE-2026-29057"
+ - "GHSA-ggv3-7p47-pfv8"
+affected_versions:
+ - "introduced=16.0.0-beta.0, fixed<16.1.7"
+ - "introduced=9.5.0, fixed<15.5.13"
+fixed_versions:
+ - "16.1.7"
+ - "15.5.13"
+secure_code_topics:
+ - "authz-server-side-recheck"
+ - "proxy-trust-boundary"
+ - "token-cookie-storage"
+ - "request-smuggling-boundary"
+ - "dependency-upgrade-policy"
+primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8"
+---
+
+# Next.js: HTTP request smuggling in rewrites
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `official-source`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `nextjs--CVE-2026-29057`
+- 系统: `nextjs`
+- 严重度: `medium`
+- 来源置信度: `official`
+- 官方主源: https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8
+- 影响版本: `introduced=16.0.0-beta.0, fixed<16.1.7, introduced=9.5.0, fixed<15.5.13`
+- 修复版本: `16.1.7, 15.5.13`
+
+## 其他来源
+
+- https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6
+- https://github.com/vercel/next.js
+- https://github.com/vercel/next.js/releases/tag/v15.5.13
+- https://github.com/vercel/next.js/releases/tag/v16.1.7
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标,但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
+- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
+- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
+- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
+- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
+- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
+- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
+- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
+- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
+- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
+- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
+- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
+- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
+- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
+- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
+- [javascript-typescript:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/request-smuggling-boundary.md)
+- [nodejs:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/request-smuggling-boundary.md)
+- [java:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/java/request-smuggling-boundary.md)
+- [php:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/php/request-smuggling-boundary.md)
+- [python:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/python/request-smuggling-boundary.md)
+- [ruby:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/ruby/request-smuggling-boundary.md)
+- [csharp:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/csharp/request-smuggling-boundary.md)
+- [go:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/go/request-smuggling-boundary.md)
+- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
+- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
+- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
+- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
+- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
+- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
+- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
+- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
diff --git a/07-framework-security/frameworks/nodejs/INDEX.md b/07-framework-security/frameworks/nodejs/INDEX.md
index 6834b86c..372d2e4b 100644
--- a/07-framework-security/frameworks/nodejs/INDEX.md
+++ b/07-framework-security/frameworks/nodejs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:09+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/nuxt/INDEX.md b/07-framework-security/frameworks/nuxt/INDEX.md
index fed9299b..0b39eaa2 100644
--- a/07-framework-security/frameworks/nuxt/INDEX.md
+++ b/07-framework-security/frameworks/nuxt/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:08+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/rails/INDEX.md b/07-framework-security/frameworks/rails/INDEX.md
index 38df4e50..95fdebb7 100644
--- a/07-framework-security/frameworks/rails/INDEX.md
+++ b/07-framework-security/frameworks/rails/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
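Review bot: The 事件层 flattens two ranges into one string, `影响版本: introduced=16.0.0-beta.0, fixed<16.1.7, introduced=9.5.0, fixed<15.5.13`, which reads as a single malformed range and hides that 15.x deployments need 15.5.13, not 16.1.7; render one bullet per range, e.g. `- 影响版本: introduced=16.0.0-beta.0, fixed<16.1.7` and `- 影响版本: introduced=9.5.0, fixed<15.5.13`, and do the same for `修复版本`. For a request-smuggling advisory the caveat missing from 实验层 is that exposure depends on what fronts the Next.js server — a reverse proxy or CDN that re-frames requests can hide the issue in a bare lab and expose it in production, or the reverse — so a reproduction should run behind the same edge as the real deployment, and the public-target probe should be the version check only, since `受控注入` of malformed framing against a shared host is not a reversible test. `request-smuggling-boundary`, `proxy-trust-boundary` and `dependency-upgrade-policy` are the right topics here; `token-cookie-storage` and `authz-server-side-recheck` look like the default set carried over from the two DoS cases and only dilute the 修复示例 list.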
diff --git a/07-framework-security/frameworks/react/INDEX.md b/07-framework-security/frameworks/react/INDEX.md
index 83189278..2e696178 100644
--- a/07-framework-security/frameworks/react/INDEX.md
+++ b/07-framework-security/frameworks/react/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:05+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/spring-boot/INDEX.md b/07-framework-security/frameworks/spring-boot/INDEX.md
index 435031b5..915266c8 100644
--- a/07-framework-security/frameworks/spring-boot/INDEX.md
+++ b/07-framework-security/frameworks/spring-boot/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/spring-framework/INDEX.md b/07-framework-security/frameworks/spring-framework/INDEX.md
index 7ef6e6bc..b4f71038 100644
--- a/07-framework-security/frameworks/spring-framework/INDEX.md
+++ b/07-framework-security/frameworks/spring-framework/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/spring-security/INDEX.md b/07-framework-security/frameworks/spring-security/INDEX.md
index a165694c..2550fe4c 100644
--- a/07-framework-security/frameworks/spring-security/INDEX.md
+++ b/07-framework-security/frameworks/spring-security/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/sveltekit/INDEX.md b/07-framework-security/frameworks/sveltekit/INDEX.md
index 52dfddcf..db084ce5 100644
--- a/07-framework-security/frameworks/sveltekit/INDEX.md
+++ b/07-framework-security/frameworks/sveltekit/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:09+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/symfony/INDEX.md b/07-framework-security/frameworks/symfony/INDEX.md
index 81e5609e..4a304f31 100644
--- a/07-framework-security/frameworks/symfony/INDEX.md
+++ b/07-framework-security/frameworks/symfony/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/undici/INDEX.md b/07-framework-security/frameworks/undici/INDEX.md
index d30118f9..01425bda 100644
--- a/07-framework-security/frameworks/undici/INDEX.md
+++ b/07-framework-security/frameworks/undici/INDEX.md
@@ -5,14 +5,14 @@
 - 系统 ID: `undici`
 - 分类: `frameworks`
 - 覆盖策略: `rolling-24m`
-- 总案例数: `14`
-- 近 30 天新增/更新: `7`
-- 重点 Markdown 案例数: `14`
-- 已实证(真实版本): `14`
+- 总案例数: `0`
+- 近 30 天新增/更新: `0`
+- 重点 Markdown 案例数: `0`
+- 已实证(真实版本): `0`
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
@@ -31,17 +31,4 @@
 | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
 |------|--------|----------|----------|----------|------------|----------|--------|
-| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
-| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
-| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
-| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
-| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
-| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
-| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
-| undici Denial of Service attack via bad certificate data | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
-| Use of Insufficiently Random Values in undici | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
-| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `verified-real` | `real` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
-| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `verified-real` | `real` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
-| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
-| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
-| ProxyAgent vulnerable to MITM | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
diff --git a/07-framework-security/frameworks/vite/INDEX.md b/07-framework-security/frameworks/vite/INDEX.md
index 1de45d6e..57ea0f02 100644
--- a/07-framework-security/frameworks/vite/INDEX.md
+++ b/07-framework-security/frameworks/vite/INDEX.md
@@ -5,14 +5,14 @@
 - 系统 ID: `vite`
 - 分类: `frameworks`
 - 覆盖策略: `history-full`
-- 总案例数: `12`
+- 总案例数: `0`
 - 近 30 天新增/更新: `0`
-- 重点 Markdown 案例数: `12`
-- 已实证(真实版本): `12`
+- 重点 Markdown 案例数: `0`
+- 已实证(真实版本): `0`
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:09+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
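Review bot: This hunk replaces 14 `verified-real` undici rows with the `No advisories yet` placeholder, and the counts hunk above drops 总案例数 and 已实证(真实版本) from 14 to 0, yet nothing visible in this diff deletes the `cases/undici-cve-*.md` files those rows linked to; unless they are removed elsewhere in the commit, the published index now tells a reader that a `rolling-24m` system has nothing to patch while CVE-2026-1525 (request/response smuggling), CVE-2022-32210 (ProxyAgent MITM) and the other 12 cases still exist on disk. A regeneration that goes from 14 to 0 with `阻塞数` still `0` is a silent coverage loss, which for a security index is worse than a failed render. The index generator should refuse to emit the placeholder row when the `cases/` directory is non-empty (or when the previous render had 总案例数 > 0 and no case file was deleted), and instead abort or keep the prior table and increment 阻塞数 so the discrepancy shows up in review rather than in the published INDEX.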
@@ -32,15 +32,4 @@
 | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
 |------|--------|----------|----------|----------|------------|----------|--------|
-| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
-| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
-| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
-| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
-| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
-| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
-| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
-| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
-| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
-| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
-| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
-| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
diff --git a/07-framework-security/frameworks/vue/INDEX.md b/07-framework-security/frameworks/vue/INDEX.md
index 6abfad67..c1692bc0 100644
--- a/07-framework-security/frameworks/vue/INDEX.md
+++ b/07-framework-security/frameworks/vue/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:08+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
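Review bot: Same regression as the undici section: 12 `verified-real` vite cases, five of them `medium` `server.fs.deny` bypasses (CVE-2025-62522, CVE-2025-58751, CVE-2025-58752, CVE-2025-46565, CVE-2025-32395), are replaced by `No advisories yet`, and the counts hunk zeroes 总案例数/重点 Markdown 案例数/已实证(真实版本) while keeping `覆盖策略: history-full`. A `history-full` system rendered with zero cases is self-contradictory, and nothing in the visible diff removes the linked `cases/vite-cve-*.md` files, so this reads as the renderer losing its input rather than an intentional purge. I would not merge the regenerated INDEX until the case directory is confirmed; longer term the generator should treat `总案例数` dropping to 0 for a non-empty `cases/` directory as a blocking error (bump 阻塞数, keep the previous table) instead of overwriting the table with a placeholder.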
diff --git a/07-framework-security/frameworks/webpack/INDEX.md b/07-framework-security/frameworks/webpack/INDEX.md
index 9f393206..dc3d9f27 100644
--- a/07-framework-security/frameworks/webpack/INDEX.md
+++ b/07-framework-security/frameworks/webpack/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/frameworks/werkzeug/INDEX.md b/07-framework-security/frameworks/werkzeug/INDEX.md
index f6373273..0a34839a 100644
--- a/07-framework-security/frameworks/werkzeug/INDEX.md
+++ b/07-framework-security/frameworks/werkzeug/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/platforms/adminer/INDEX.md b/07-framework-security/platforms/adminer/INDEX.md
index 7ec9128c..455b50f8 100644
--- a/07-framework-security/platforms/adminer/INDEX.md
+++ b/07-framework-security/platforms/adminer/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/07-framework-security/platforms/gitea/INDEX.md b/07-framework-security/platforms/gitea/INDEX.md
index a727427e..ef92f40c 100644
--- a/07-framework-security/platforms/gitea/INDEX.md
+++ b/07-framework-security/platforms/gitea/INDEX.md
@@ -5,14 +5,14 @@
 - 系统 ID: `gitea`
 - 分类: `platforms`
 - 覆盖策略: `rolling-24m`
-- 总案例数: `37`
-- 近 30 天新增/更新: `37`
-- 重点 Markdown 案例数: `37`
-- 已实证(真实版本): `37`
+- 总案例数: `0`
+- 近 30 天新增/更新: `0`
+- 重点 Markdown 案例数: `0`
+- 已实证(真实版本): `0`
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:13+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
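Review bot: The gitea counts hunk zeroes 37 cases (`总案例数`, `近 30 天新增/更新`, `重点 Markdown 案例数` and `已实证(真实版本)` all 37 → 0) while `阻塞数` stays `0`, so the index will advertise a `rolling-24m` system with no advisories; the table hunk that follows, which runs past the end of this chunk, is deleting 37 `verified-real` rows covering authorization flaws such as CVE-2026-20736 (attachment access control) and CVE-2025-68938 (release deletion authorization). Together with the undici and vite sections in this same diff this looks like a render-side regression rather than a deliberate purge — the hunk gives no reason for the drop and no case files are removed in the visible diff. The render should bump `阻塞数` or abort when a system's case count falls to 0 while its `cases/` directory is non-empty, rather than silently overwrite the counts and the table.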
@@ -31,40 +31,4 @@ | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | |------|--------|----------|----------|----------|------------|----------|--------| -| Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:54.518308Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md) | -| Gitea has improper access control for uploaded attachments in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:53.977351Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md) | -| Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:57.697708Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md) | -| Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:54.012782Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md) | -| Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:54.692700Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md) | -| Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:56.025932Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md) | -| 
Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:55.339967Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md) | -| Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:54.244003Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md) | -| Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:55.747880Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md) | -| Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:49.801641Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md) | -| Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:49.095775Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md) | -| Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:48.777563Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md) | -| Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. 
in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:50.087298Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md) | -| Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:50.339953Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md) | -| Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:49.781753Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md) | -| Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:49.213758Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md) | -| Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:50.526913Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md) | -| Gitea: anonymous user can visit private user's project in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:51.457970Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md) | -| Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:57:50.473303Z` | 
[link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md) | -| Gitea vulnerable to Argument Injection in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:52:41.181693Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md) | -| Improper Privilege Management in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:52:33.136607Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md) | -| Gitea Remote Code Execution (RCE) in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:52:20.787387Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md) | -| Denial of Service in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:52:17.939867Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md) | -| Cross-site Scripting in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:52:18.307544Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md) | -| Gitea Missing Authorization vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:50:45.472605Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md) | -| Stored Cross-site Scripting in gitea in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:50:45.577318Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md) | -| Arbitrary file deletion in gitea in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` 
| `official` | `2026-03-03T04:50:19.647131Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md) | -| Shell command injection in gitea in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:50:23.949796Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md) | -| Path Traversal in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:50:06.638863Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md) | -| Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:52:07.604662Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md) | -| Capture-replay in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:52:07.840324Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md) | -| Gitea erroneous repo clones in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:54:07.076900Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md) | -| Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:54:04.686907Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md) | -| Gitea XSS Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:53:57.848904Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md) | -| Gitea allowed assignment of private issues in code.gitea.io/gitea | `unknown` | `generated` | 
`verified-real` | `real` | `official` | `2026-03-03T04:55:04.505871Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md) | -| Buffer Overflow in gitea in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:55:15.307648Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md) | -| Gitea Open Redirect in code.gitea.io/gitea | `unknown` | `generated` | `verified-real` | `real` | `official` | `2026-03-03T04:51:49.844240Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md) | +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/platforms/gitlab-ce/INDEX.md b/07-framework-security/platforms/gitlab-ce/INDEX.md index 8f6e2d94..a5223690 100644 --- a/07-framework-security/platforms/gitlab-ce/INDEX.md +++ b/07-framework-security/platforms/gitlab-ce/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:13+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/grafana/INDEX.md b/07-framework-security/platforms/grafana/INDEX.md index 8502397a..17259301 100644 --- a/07-framework-security/platforms/grafana/INDEX.md +++ b/07-framework-security/platforms/grafana/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:13+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/jenkins/INDEX.md b/07-framework-security/platforms/jenkins/INDEX.md index 05e4a0be..0dbbd799 100644 --- a/07-framework-security/platforms/jenkins/INDEX.md +++ b/07-framework-security/platforms/jenkins/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:13+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 
diff --git a/07-framework-security/platforms/kibana/INDEX.md b/07-framework-security/platforms/kibana/INDEX.md index 98abc63e..423bfdcf 100644 --- a/07-framework-security/platforms/kibana/INDEX.md +++ b/07-framework-security/platforms/kibana/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:13+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/mattermost/INDEX.md b/07-framework-security/platforms/mattermost/INDEX.md index b11232f5..e2f52720 100644 --- a/07-framework-security/platforms/mattermost/INDEX.md +++ b/07-framework-security/platforms/mattermost/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:13+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/phpmyadmin/INDEX.md b/07-framework-security/platforms/phpmyadmin/INDEX.md index 69f5e8b5..3497c798 100644 --- a/07-framework-security/platforms/phpmyadmin/INDEX.md +++ b/07-framework-security/platforms/phpmyadmin/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:10+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 diff --git a/07-framework-security/platforms/redmine/INDEX.md b/07-framework-security/platforms/redmine/INDEX.md index 92762790..e0583cc9 100644 --- a/07-framework-security/platforms/redmine/INDEX.md +++ b/07-framework-security/platforms/redmine/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:13+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 diff --git a/07-framework-security/servers/apache-httpd/INDEX.md b/07-framework-security/servers/apache-httpd/INDEX.md index 9fb6ecd9..5d9dbc46 100644 --- a/07-framework-security/servers/apache-httpd/INDEX.md +++ b/07-framework-security/servers/apache-httpd/INDEX.md 
@@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:10+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 diff --git a/07-framework-security/servers/apache-tomcat/INDEX.md b/07-framework-security/servers/apache-tomcat/INDEX.md index 727ca9a7..b2ebde77 100644 --- a/07-framework-security/servers/apache-tomcat/INDEX.md +++ b/07-framework-security/servers/apache-tomcat/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:10+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 diff --git a/07-framework-security/servers/caddy/INDEX.md b/07-framework-security/servers/caddy/INDEX.md index 8e573c24..67627f02 100644 --- a/07-framework-security/servers/caddy/INDEX.md +++ b/07-framework-security/servers/caddy/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:10+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 diff --git a/07-framework-security/servers/haproxy/INDEX.md b/07-framework-security/servers/haproxy/INDEX.md index b0021ed5..edb87c4a 100644 --- a/07-framework-security/servers/haproxy/INDEX.md +++ b/07-framework-security/servers/haproxy/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:10+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 diff --git a/07-framework-security/servers/nginx/INDEX.md b/07-framework-security/servers/nginx/INDEX.md index ac3cb06e..cbc8acad 100644 --- a/07-framework-security/servers/nginx/INDEX.md +++ b/07-framework-security/servers/nginx/INDEX.md @@ -12,7 +12,7 @@ - 已实证(synthetic): `0` - 阻塞数: `0` - 待人工/缺浏览器证据: `0` -- 最近渲染时间: `2026-03-18T04:06:10+00:00` +- 最近渲染时间: `2026-03-18T14:45:52+00:00` ## 目标约束 diff --git a/07-framework-security/servers/traefik/INDEX.md b/07-framework-security/servers/traefik/INDEX.md index 7528f808..96776c5d 100644 --- a/07-framework-security/servers/traefik/INDEX.md 
+++ b/07-framework-security/servers/traefik/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T04:06:10+00:00`
+- 最近渲染时间: `2026-03-18T14:45:52+00:00`
 ## 目标约束
diff --git a/08-threat-intel/generated/coverage-matrix.md b/08-threat-intel/generated/coverage-matrix.md
index ace37bb8..d3b4aaa9 100644
--- a/08-threat-intel/generated/coverage-matrix.md
+++ b/08-threat-intel/generated/coverage-matrix.md
@@ -21,7 +21,7 @@
 | Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Ghost | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `37` | `37` | `3` | `seeded` | `real:37/synthetic:0/blocked:0` | `33` | `37` | `0` | `2026-03-03T04:57:57.697708Z` |
+| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Hapi | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
@@ -37,7 +37,7 @@
 | Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `26` | `26` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `0` | `2026-03-13T22:14:13.665535Z` |
+| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `5` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-17T16:31:34.160932Z` |
 | Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
@@ -57,8 +57,8 @@
 | SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:14/synthetic:0/blocked:0` | `0` | `14` | `0` | `2026-03-14T09:19:54.772219Z` |
-| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `0` | `2026-02-04T04:37:24.129476Z` |
+| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
+| Vite | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
 | Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
diff --git a/08-threat-intel/generated/dashboard/advisories.json b/08-threat-intel/generated/dashboard/advisories.json
index ea8f9552..e6917261 100644
--- a/08-threat-intel/generated/dashboard/advisories.json
+++ b/08-threat-intel/generated/dashboard/advisories.json
@@ -1,2777 +1,34 @@ { - "gitea--CVE-2018-15192": { - "canonical_id": "gitea--CVE-2018-15192", - "title": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea", - "summary": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-20T20:32:20Z", - "updated_at": "2026-03-03T04:54:04.686907Z", - "official_source_url": "https://github.com/advisories/GHSA-fg3x-rwq9-74cw", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2018-15192", - "https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9", - "https://github.com/go-gitea/gitea/issues/4624", - "https://github.com/go-gitea/gitea/pull/17482", - "https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b", - "https://github.com/gogs/gogs/issues/5366", - "https://github.com/gogs/gogs/pull/6002" - ], - "aliases": [ - "CVE-2018-15192", - "GHSA-fg3x-rwq9-74cw", - "GO-2023-1971" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary", - "ssrf-url-validation" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "gitea--CVE-2018-18926": { - "canonical_id": "gitea--CVE-2018-18926", - "title": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea", - "summary": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T15:29:04Z", - "updated_at": "2026-03-03T04:52:20.787387Z", - "official_source_url": "https://github.com/advisories/GHSA-hf6f-jq25-8gq9", - 
"secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2018-18926", - "https://github.com/go-gitea/gitea/commit/aeb5655c25053bdcd7eee94ea37df88468374162", - "https://github.com/go-gitea/gitea/issues/5140", - "https://github.com/go-gitea/gitea/pull/5177" - ], - "aliases": [ - "CVE-2018-18926", - "GHSA-hf6f-jq25-8gq9", - "GO-2022-0844" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": true, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2019-1010261": { - "canonical_id": "gitea--CVE-2019-1010261", - "title": "Gitea XSS Vulnerability in 
code.gitea.io/gitea", - "summary": "Gitea XSS Vulnerability in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-20T20:31:38Z", - "updated_at": "2026-03-03T04:53:57.848904Z", - "official_source_url": "https://github.com/advisories/GHSA-5rh7-6gfj-mc87", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2019-1010261", - "https://github.com/go-gitea/gitea/pull/5905" - ], - "aliases": [ - "CVE-2019-1010261", - "GHSA-5rh7-6gfj-mc87", - "GO-2023-1922" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary", - "xss-output-encoding" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": true, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-console.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2020-13246": { - "canonical_id": "gitea--CVE-2020-13246", - "title": "Denial of Service in Gitea in code.gitea.io/gitea", - "summary": "Denial of Service in Gitea in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T15:29:04Z", - "updated_at": "2026-03-03T04:52:17.939867Z", - "official_source_url": "https://github.com/advisories/GHSA-g2qx-6ghw-67hm", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2020-13246", - "https://github.com/go-gitea/gitea/issues/10549", - "https://github.com/go-gitea/gitea/pull/11438", - "https://www.youtube.com/watch?v=DmVgADSVS88" - ], - "aliases": [ - "BIT-gitea-2020-13246", - "CVE-2020-13246", - "GHSA-g2qx-6ghw-67hm", - "GO-2022-0830" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": true, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2021-28378": { - "canonical_id": "gitea--CVE-2021-28378", - "title": "Cross-site Scripting in Gitea in code.gitea.io/gitea", - "summary": "Cross-site Scripting in Gitea in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T15:29:04Z", - "updated_at": "2026-03-03T04:52:18.307544Z", - "official_source_url": "https://github.com/advisories/GHSA-g95p-88p4-76cm", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-28378", - "https://blog.gitea.io/2021/03/gitea-1.13.4-is-released", - "https://github.com/PandatiX/CVE-2021-28378", - "https://github.com/go-gitea/gitea/pull/14898", - "https://github.com/go-gitea/gitea/pull/14899" - ], - "aliases": [ - "BIT-gitea-2021-28378", - "CVE-2021-28378", - "GHSA-g95p-88p4-76cm", - "GO-2022-0832" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary", - "xss-output-encoding" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": true, - "present": true, - "refs": [ 
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2021-29134": { - "canonical_id": "gitea--CVE-2021-29134", - "title": "Path Traversal in Gitea in code.gitea.io/gitea", - "summary": "Path Traversal in Gitea in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T14:30:29Z", - "updated_at": "2026-03-03T04:50:06.638863Z", - "official_source_url": "https://github.com/advisories/GHSA-h3q4-vmw4-cpr5", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-29134", - "https://github.com/go-gitea/gitea/pull/15125/files", - "https://github.com/go-gitea/gitea/releases", - "https://github.com/go-gitea/gitea/releases/tag/v1.13.6" - ], - "aliases": [ - 
"BIT-gitea-2021-29134", - "CVE-2021-29134", - "GHSA-h3q4-vmw4-cpr5", - "GO-2022-0353" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary", - "path-traversal-guard" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2021-3382": { - "canonical_id": "gitea--CVE-2021-3382", - "title": "Buffer Overflow in gitea in code.gitea.io/gitea", - "summary": "Buffer Overflow in gitea in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - 
"published_at": "2024-06-04T15:19:21Z", - "updated_at": "2026-03-03T04:55:15.307648Z", - "official_source_url": "https://github.com/advisories/GHSA-9f8c-pfvv-p4gm", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-3382", - "https://github.com/go-gitea/gitea/pull/14390" - ], - "aliases": [ - "BIT-gitea-2021-3382", - "CVE-2021-3382", - "GHSA-9f8c-pfvv-p4gm", - "GO-2024-2757" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2021-45327": { - "canonical_id": "gitea--CVE-2021-45327", - 
"title": "Capture-replay in Gitea in code.gitea.io/gitea", - "summary": "Capture-replay in Gitea in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T14:30:26Z", - "updated_at": "2026-03-03T04:52:07.840324Z", - "official_source_url": "https://github.com/advisories/GHSA-jrpg-35hw-m4p9", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-45327", - "https://blog.gitea.io/2020/03/gitea-1.11.2-is-released", - "https://github.com/go-gitea/gitea/commit/4cb18601ff33dda5edb47d5b452cc8f2dc39dd67", - "https://github.com/go-gitea/gitea/commit/6f5656ab0ebec03fe63898208dabc802c4be46ab", - "https://github.com/go-gitea/gitea/commit/ed664a9e1dae4d4660e60c981173bbc5102e69ea", - "https://github.com/go-gitea/gitea/pull/10462", - "https://github.com/go-gitea/gitea/pull/10465", - "https://github.com/go-gitea/gitea/pull/10582" - ], - "aliases": [ - "BIT-gitea-2021-45327", - "CVE-2021-45327", - "GHSA-jrpg-35hw-m4p9", - "GO-2022-0310" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2021-45330": { - "canonical_id": "gitea--CVE-2021-45330", - "title": "Improper Privilege Management in Gitea in code.gitea.io/gitea", - "summary": "Improper Privilege Management in Gitea in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T16:03:21Z", - "updated_at": "2026-03-03T04:52:33.136607Z", - "official_source_url": "https://github.com/advisories/GHSA-pg38-r834-g45j", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-45330", - "https://github.com/go-gitea/gitea/issues/4336", - "https://github.com/go-gitea/gitea/pull/4840" - ], - "aliases": [ - "BIT-gitea-2021-45330", - "CVE-2021-45330", - "GHSA-pg38-r834-g45j", - "GO-2022-0982" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2021-45331": { - "canonical_id": "gitea--CVE-2021-45331", - "title": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea", - "summary": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T14:30:29Z", - "updated_at": "2026-03-03T04:52:07.604662Z", - "official_source_url": "https://github.com/advisories/GHSA-hfmf-q69j-6m5p", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-45331", - "https://blog.gitea.io/2018/08/gitea-1.5.0-is-released", - "https://github.com/go-gitea/gitea/pull/3878" - ], - "aliases": [ - "BIT-gitea-2021-45331", - 
"CVE-2021-45331", - "GHSA-hfmf-q69j-6m5p", - "GO-2022-0315" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2022-0905": { - "canonical_id": "gitea--CVE-2022-0905", - "title": "Gitea Missing Authorization vulnerability in code.gitea.io/gitea", - "summary": "Gitea Missing Authorization vulnerability in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": 
"2024-08-21T15:11:40Z", - "updated_at": "2026-03-03T04:50:45.472605Z", - "official_source_url": "https://github.com/advisories/GHSA-jr9c-h74f-2v28", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-0905", - "https://github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2", - "https://github.com/go-gitea/gitea/commit/3e5c844a7758fa29126d201f4f98bf21bca6d314", - "https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb" - ], - "aliases": [ - "BIT-gitea-2022-0905", - "CVE-2022-0905", - "GHSA-jr9c-h74f-2v28", - "GO-2022-0609" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2022-1058": { - "canonical_id": "gitea--CVE-2022-1058", - "title": "Gitea Open Redirect in code.gitea.io/gitea", - "summary": "Gitea Open Redirect in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-06-04T15:19:21Z", - "updated_at": "2026-03-03T04:51:49.844240Z", - "official_source_url": "https://github.com/advisories/GHSA-4rqq-rxvc-v2rc", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-1058", - "https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48", - "https://github.com/go-gitea/gitea/pull/19175", - "https://github.com/go-gitea/gitea/pull/19186", - "https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d" - ], - "aliases": [ - "BIT-gitea-2022-1058", - "CVE-2022-1058", - "GHSA-4rqq-rxvc-v2rc", - "GO-2024-2752" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2022-1928": { - "canonical_id": "gitea--CVE-2022-1928", - "title": "Stored Cross-site Scripting in gitea in code.gitea.io/gitea", - "summary": "Stored Cross-site Scripting in gitea in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T15:11:40Z", - "updated_at": "2026-03-03T04:50:45.577318Z", - "official_source_url": "https://github.com/advisories/GHSA-ph3w-2843-72mx", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-1928", - "https://github.com/go-gitea/gitea", - "https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad50e71024b7529fdf0e3c2e9c", - "https://github.com/go-gitea/gitea/pull/19825", - "https://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2", - "https://security.gentoo.org/glsa/202210-14" - ], - "aliases": [ - "BIT-gitea-2022-1928", - "CVE-2022-1928", - "GHSA-ph3w-2843-72mx", - "GO-2022-0612" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary", - "xss-output-encoding" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - 
"blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2022-27313": { - "canonical_id": "gitea--CVE-2022-27313", - "title": "Arbitrary file deletion in gitea in code.gitea.io/gitea", - "summary": "Arbitrary file deletion in gitea in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T15:11:31Z", - "updated_at": "2026-03-03T04:50:19.647131Z", - "official_source_url": "https://github.com/advisories/GHSA-g7p7-x6w7-w6qg", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-27313", - "https://github.com/go-gitea/gitea/pull/19072", - 
"https://github.com/go-gitea/gitea/releases/tag/v1.16.4" - ], - "aliases": [ - "BIT-gitea-2022-27313", - "CVE-2022-27313", - "GHSA-g7p7-x6w7-w6qg", - "GO-2022-0442" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2022-30781": { - "canonical_id": "gitea--CVE-2022-30781", - "title": "Shell command injection in gitea in code.gitea.io/gitea", - "summary": "Shell command injection in gitea in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - 
"severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T15:11:31Z", - "updated_at": "2026-03-03T04:50:23.949796Z", - "official_source_url": "https://github.com/advisories/GHSA-p5f9-c9j9-g8qx", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-30781", - "http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html", - "http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html", - "https://blog.gitea.io/2022/05/gitea-1.16.7-is-released", - "https://github.com/go-gitea/gitea/pull/19487", - "https://github.com/go-gitea/gitea/pull/19490" - ], - "aliases": [ - "BIT-gitea-2022-30781", - "CVE-2022-30781", - "GHSA-p5f9-c9j9-g8qx", - "GO-2022-0450" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof-dom.html", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2022-38183": { - "canonical_id": "gitea--CVE-2022-38183", - "title": "Gitea allowed assignment of private issues in code.gitea.io/gitea", - "summary": "Gitea allowed assignment of private issues in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-06-10T16:38:54Z", - "updated_at": "2026-03-03T04:55:04.505871Z", - "official_source_url": "https://github.com/advisories/GHSA-fhv8-m4j4-cww2", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-38183", - "https://blog.gitea.io/2022/07/gitea-1.16.9-is-released", - "https://github.com/go-gitea/gitea/pull/20133", - "https://github.com/go-gitea/gitea/pull/20196", - "https://herolab.usd.de/security-advisories/usd-2022-0015" - ], - "aliases": [ - "BIT-gitea-2022-38183", - "CVE-2022-38183", - "GHSA-fhv8-m4j4-cww2", - "GO-2024-2769" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline-dom.html", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2022-38795": { - "canonical_id": "gitea--CVE-2022-38795", - "title": "Gitea erroneous repo clones in code.gitea.io/gitea", - "summary": "Gitea erroneous repo clones in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T14:17:52Z", - "updated_at": "2026-03-03T04:54:07.076900Z", - "official_source_url": "https://github.com/advisories/GHSA-8j3v-68w3-3848", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-38795", - "https://blog.gitea.com/release-of-1.17.2", - "https://github.com/go-gitea/gitea/pull/20869", - "https://github.com/go-gitea/gitea/pull/20892" - ], - "aliases": [ - "BIT-gitea-2022-38795", - "CVE-2022-38795", - "GHSA-8j3v-68w3-3848", - "GO-2023-1999" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - 
"verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2022-42968": { - "canonical_id": "gitea--CVE-2022-42968", - "title": "Gitea vulnerable to Argument Injection in code.gitea.io/gitea", - "summary": "Gitea vulnerable to Argument Injection in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-08-21T16:03:24Z", - "updated_at": "2026-03-03T04:52:41.181693Z", - "official_source_url": "https://github.com/advisories/GHSA-w8xw-7crf-h23x", - "secondary_source_urls": [ - 
"https://nvd.nist.gov/vuln/detail/CVE-2022-42968", - "https://github.com/go-gitea/gitea/pull/21463", - "https://github.com/go-gitea/gitea/releases/tag/v1.17.3", - "https://security.gentoo.org/glsa/202210-14" - ], - "aliases": [ - "BIT-gitea-2022-42968", - "CVE-2022-42968", - "GHSA-w8xw-7crf-h23x", - "GO-2022-1065" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2025-68938": { - "canonical_id": "gitea--CVE-2025-68938", - "title": "Gitea mishandles authorization for deletion of releases in 
code.gitea.io/gitea", - "summary": "Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-12-30T01:49:57Z", - "updated_at": "2026-03-03T04:57:49.095775Z", - "official_source_url": "https://github.com/advisories/GHSA-cm54-pfmc-xrwx", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-68938", - "https://blog.gitea.com/release-of-1.25.2", - "https://github.com/go-gitea/gitea/pull/36002/commits/d4262131b39899d9e9ee5caa2635c810d476e43f#diff-8962bac89952027d50fa51f31f59d65bedb4c02bde0265eced5cf256cbed306d", - "https://github.com/go-gitea/gitea/releases/tag/v1.25.2" - ], - "aliases": [ - "BIT-gitea-2025-68938", - "CVE-2025-68938", - "GHSA-cm54-pfmc-xrwx", - "GO-2025-4258" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof.png", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2025-68939": { - "canonical_id": "gitea--CVE-2025-68939", - "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea", - "summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-12-30T01:49:57Z", - "updated_at": "2026-03-03T04:57:48.777563Z", - "official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-68939", - "https://blog.gitea.com/release-of-1.23.0", - "https://github.com/go-gitea/gitea/pull/32151", - "https://github.com/go-gitea/gitea/releases/tag/v1.23.0" - ], - "aliases": [ - "BIT-gitea-2025-68939", - "CVE-2025-68939", - "GHSA-263q-5cv3-xq9g", - "GO-2025-4261" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary", - "plugin-extension-trust-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": true, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline.png", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2025-68940": { - "canonical_id": "gitea--CVE-2025-68940", - "title": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea", - "summary": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. 
in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-12-30T01:49:57Z", - "updated_at": "2026-03-03T04:57:50.087298Z", - "official_source_url": "https://github.com/advisories/GHSA-rrcw-5rjv-vj26", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-68940", - "https://blog.gitea.com/release-of-1.22.5", - "https://github.com/go-gitea/gitea/pull/32654", - "https://github.com/go-gitea/gitea/releases/tag/v1.22.5" - ], - "aliases": [ - "BIT-gitea-2025-68940", - "CVE-2025-68940", - "GHSA-rrcw-5rjv-vj26", - "GO-2025-4267" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "gitea--CVE-2025-68941": { - "canonical_id": "gitea--CVE-2025-68941", - "title": "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea", - "summary": "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-12-30T01:49:57Z", - "updated_at": "2026-03-03T04:57:50.339953Z", - "official_source_url": "https://github.com/advisories/GHSA-xfq3-qj7j-4565", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-68941", - "https://blog.gitea.com/release-of-1.22.3", - "https://github.com/go-gitea/gitea/pull/32218", - "https://github.com/go-gitea/gitea/releases/tag/v1.22.3" - ], - "aliases": [ - 
"BIT-gitea-2025-68941", - "CVE-2025-68941", - "GHSA-xfq3-qj7j-4565", - "GO-2025-4268" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2025-68942": { - "canonical_id": "gitea--CVE-2025-68942", - "title": "Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea", - "summary": "Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea", - "display_name": 
"Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-12-30T01:49:57Z", - "updated_at": "2026-03-03T04:57:49.781753Z", - "official_source_url": "https://github.com/advisories/GHSA-898p-hh3p-hf9r", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-68942", - "https://blog.gitea.com/release-of-1.22.2", - "https://github.com/go-gitea/gitea/pull/31966", - "https://github.com/go-gitea/gitea/releases/tag/v1.22.2" - ], - "aliases": [ - "BIT-gitea-2025-68942", - "CVE-2025-68942", - "GHSA-898p-hh3p-hf9r", - "GO-2025-4263" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary", - "xss-output-encoding" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-console.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2025-68943": { - "canonical_id": "gitea--CVE-2025-68943", - "title": "Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea", - "summary": "Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-12-30T01:49:57Z", - "updated_at": "2026-03-03T04:57:49.213758Z", - "official_source_url": "https://github.com/advisories/GHSA-jhx5-4vr4-f327", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-68943", - "https://blog.gitea.com/release-of-1.21.8-and-1.21.9-and-1.21.10", - "https://github.com/go-gitea/gitea/pull/29430", - "https://github.com/go-gitea/gitea/releases/tag/v1.21.8" - ], - "aliases": [ - "BIT-gitea-2025-68943", - "CVE-2025-68943", - "GHSA-jhx5-4vr4-f327", - "GO-2025-4266" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline-dom.html", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2025-68944": { - "canonical_id": "gitea--CVE-2025-68944", - "title": "Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea", - "summary": "Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-12-30T01:49:57Z", - "updated_at": "2026-03-03T04:57:50.526913Z", - "official_source_url": "https://github.com/advisories/GHSA-f85h-c7m6-cfpm", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-68944", - "https://blog.gitea.com/release-of-1.22.2", - "https://github.com/go-gitea/gitea/pull/31967", - "https://github.com/go-gitea/gitea/releases/tag/v1.22.2" - ], - "aliases": [ - "BIT-gitea-2025-68944", - "CVE-2025-68944", - "GHSA-f85h-c7m6-cfpm", - 
"GO-2025-4264" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary", - "dependency-upgrade-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "gitea--CVE-2025-68945": { - "canonical_id": "gitea--CVE-2025-68945", - "title": "Gitea: anonymous user can visit private user's project in code.gitea.io/gitea", - "summary": "Gitea: anonymous user can visit private user's project in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-12-30T01:49:57Z", - "updated_at": "2026-03-03T04:57:51.457970Z", - "official_source_url": "https://github.com/advisories/GHSA-7xq4-mwcp-q8fx", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-68945", - "https://blog.gitea.com/release-of-1.21.2", - "https://github.com/go-gitea/gitea/pull/28423", - "https://github.com/go-gitea/gitea/releases/tag/v1.21.2" - ], - "aliases": [ - "BIT-gitea-2025-68945", - "CVE-2025-68945", - "GHSA-7xq4-mwcp-q8fx", - "GO-2025-4262" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline-dom.html", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2025-68946": { - "canonical_id": "gitea--CVE-2025-68946", - "title": "Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea", - "summary": "Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-12-30T01:49:57Z", - "updated_at": "2026-03-03T04:57:50.473303Z", - "official_source_url": "https://github.com/advisories/GHSA-hq57-c72x-4774", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-68946", - "https://blog.gitea.com/release-of-1.20.1", - "https://github.com/go-gitea/gitea/pull/25960", - "https://github.com/go-gitea/gitea/releases/tag/v1.20.1" - ], - "aliases": [ - "BIT-gitea-2025-68946", - "CVE-2025-68946", - "GHSA-hq57-c72x-4774", - "GO-2025-4265" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary", - "xss-output-encoding" 
- ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2025-69413": { - "canonical_id": "gitea--CVE-2025-69413", - "title": "Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea", - "summary": "Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": 
"2026-01-12T17:39:39Z", - "updated_at": "2026-03-03T04:57:49.801641Z", - "official_source_url": "https://github.com/advisories/GHSA-pc73-rj2c-wvf9", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-69413", - "https://blog.gitea.com/release-of-1.25.2", - "https://github.com/go-gitea/gitea/issues/35984", - "https://github.com/go-gitea/gitea/pull/36002", - "https://github.com/go-gitea/gitea/releases/tag/v1.25.2" - ], - "aliases": [ - "BIT-gitea-2025-69413", - "CVE-2025-69413", - "GHSA-pc73-rj2c-wvf9", - "GO-2026-4274" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2026-0798": { - "canonical_id": "gitea--CVE-2026-0798", - "title": "Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea", - "summary": "Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-02-02T21:05:55Z", - "updated_at": "2026-03-03T04:57:54.518308Z", - "official_source_url": "https://github.com/advisories/GHSA-8fwc-qjw5-rvgp", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-0798", - "https://blog.gitea.com/release-of-1.25.4", - "https://github.com/go-gitea/gitea/pull/36319", - "https://github.com/go-gitea/gitea/releases/tag/v1.25.4" - ], - "aliases": [ - "BIT-gitea-2026-0798", - "CVE-2026-0798", - "GHSA-8fwc-qjw5-rvgp", - "GHSA-f4wq-6ww5-m56p", - "GO-2026-4365" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2026-20736": { - "canonical_id": "gitea--CVE-2026-20736", - "title": "Gitea has improper access control for uploaded attachments in code.gitea.io/gitea", - "summary": "Gitea has improper access control for uploaded attachments in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-02-02T21:05:55Z", - "updated_at": "2026-03-03T04:57:53.977351Z", - "official_source_url": "https://github.com/advisories/GHSA-hgr3-x44x-33hx", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-20736", - "https://blog.gitea.com/release-of-1.25.4", - "https://github.com/go-gitea/gitea/commit/fbea2c68e8df11cfa94e8ead913b79946780ed30", - "https://github.com/go-gitea/gitea/pull/36320", - "https://github.com/go-gitea/gitea/releases/tag/v1.25.4" - ], - "aliases": [ - "BIT-gitea-2026-20736", - "CVE-2026-20736", - "GHSA-hgr3-x44x-33hx", - "GHSA-jr6h-pwwp-c8g6", - "GO-2026-4367" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary", - "file-upload-validation" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": 
"local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "gitea--CVE-2026-20750": { - "canonical_id": "gitea--CVE-2026-20750", - "title": "Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea", - "summary": "Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-02-02T21:05:55Z", - "updated_at": "2026-03-03T04:57:57.697708Z", - "official_source_url": "https://github.com/advisories/GHSA-rw22-5hhq-pfpf", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-20750", - "https://blog.gitea.com/release-of-1.25.4", - "https://github.com/go-gitea/gitea/commit/7b5de594cd92e30b9c3d40ffda119acad794cc64", - "https://github.com/go-gitea/gitea/pull/36318", - "https://github.com/go-gitea/gitea/pull/36373", - "https://github.com/go-gitea/gitea/releases/tag/v1.25.4" - ], - "aliases": [ - "BIT-gitea-2026-20750", - "CVE-2026-20750", - "GHSA-h4fh-pc4w-8w27", - "GHSA-rw22-5hhq-pfpf", - "GO-2026-4370" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-console.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2026-20800": { - "canonical_id": "gitea--CVE-2026-20800", - "title": "Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea", - "summary": "Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-02-02T21:05:55Z", - "updated_at": "2026-03-03T04:57:54.012782Z", - "official_source_url": "https://github.com/advisories/GHSA-2vgv-hgv4-22mh", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-20800", - "https://blog.gitea.com/release-of-1.25.4", - "https://github.com/go-gitea/gitea/commit/67e75f30a83d2523cedc37ad7b03bcba66947833", - "https://github.com/go-gitea/gitea/pull/36339", - "https://github.com/go-gitea/gitea/releases/tag/v1.25.4" - ], - "aliases": [ - "BIT-gitea-2026-20800", - "CVE-2026-20800", - "GHSA-2vgv-hgv4-22mh", - "GHSA-g54m-9f6g-wj7q", - "GO-2026-4362" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - 
"verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2026-20883": { - "canonical_id": "gitea--CVE-2026-20883", - "title": "Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea", - "summary": "Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-02-02T21:05:55Z", - "updated_at": 
"2026-03-03T04:57:54.692700Z", - "official_source_url": "https://github.com/advisories/GHSA-j8xr-c56q-m8jj", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-20883", - "https://blog.gitea.com/release-of-1.25.4", - "https://github.com/go-gitea/gitea/commit/95ea2df00a70176c516b12f3cfee8c84a310280f", - "https://github.com/go-gitea/gitea/pull/36340", - "https://github.com/go-gitea/gitea/pull/36368", - "https://github.com/go-gitea/gitea/releases/tag/v1.25.4" - ], - "aliases": [ - "BIT-gitea-2026-20883", - "CVE-2026-20883", - "GHSA-644v-xv3j-xgqg", - "GHSA-j8xr-c56q-m8jj", - "GO-2026-4368" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-console.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2026-20888": { - "canonical_id": "gitea--CVE-2026-20888", - "title": "Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea", - "summary": "Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-02-02T21:05:55Z", - "updated_at": "2026-03-03T04:57:56.025932Z", - "official_source_url": "https://github.com/advisories/GHSA-9cgq-wp42-4rpq", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-20888", - "https://blog.gitea.com/release-of-1.25.4", - "https://github.com/go-gitea/gitea/pull/36341", - "https://github.com/go-gitea/gitea/pull/36356", - "https://github.com/go-gitea/gitea/releases/tag/v1.25.4" - ], - "aliases": [ - "BIT-gitea-2026-20888", - "CVE-2026-20888", - "GHSA-9cgq-wp42-4rpq", - "GHSA-ccq9-c5hv-cf64", - "GO-2026-4366" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline-dom.html", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2026-20897": { - "canonical_id": "gitea--CVE-2026-20897", - "title": "Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea", - "summary": "Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-02-02T21:05:55Z", - "updated_at": "2026-03-03T04:57:55.339967Z", - "official_source_url": "https://github.com/advisories/GHSA-393c-qgvj-3xph", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-20897", - "https://blog.gitea.com/release-of-1.25.4", - "https://github.com/go-gitea/gitea/commit/da036f3f35ca830b22cf4480912ed261303b798f", - "https://github.com/go-gitea/gitea/pull/36344", - "https://github.com/go-gitea/gitea/pull/36349", - "https://github.com/go-gitea/gitea/releases/tag/v1.25.4" - ], - "aliases": [ - 
"BIT-gitea-2026-20897", - "CVE-2026-20897", - "GHSA-393c-qgvj-3xph", - "GHSA-rrq5-r9h5-pc7c", - "GO-2026-4363" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2026-20904": { - "canonical_id": "gitea--CVE-2026-20904", - "title": "Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea", - "summary": "Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", 
- "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-02-02T21:05:55Z", - "updated_at": "2026-03-03T04:57:54.244003Z", - "official_source_url": "https://github.com/advisories/GHSA-qqgv-v353-cv8p", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-20904", - "https://blog.gitea.com/release-of-1.25.4", - "https://github.com/go-gitea/gitea/commit/ed5720af2ac94d74f822721c05b42b6148ff9c22", - "https://github.com/go-gitea/gitea/pull/36346", - "https://github.com/go-gitea/gitea/pull/36361", - "https://github.com/go-gitea/gitea/releases/tag/v1.25.4" - ], - "aliases": [ - "BIT-gitea-2026-20904", - "CVE-2026-20904", - "GHSA-jrpc-w85r-hgqx", - "GHSA-qqgv-v353-cv8p", - "GO-2026-4369" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof-dom.html", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-page.json" - ] - } - }, - "gitea--CVE-2026-20912": { - "canonical_id": "gitea--CVE-2026-20912", - "title": "Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea", - "summary": "Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea", - "display_name": "Gitea", - "system_id": "gitea", - "category": "platforms", - "severity": "unknown", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-02-02T21:05:55Z", - "updated_at": "2026-03-03T04:57:55.747880Z", - "official_source_url": "https://github.com/advisories/GHSA-4xx9-vc8v-87hv", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-20912", - "https://blog.gitea.com/release-of-1.25.4", - "https://github.com/go-gitea/gitea/commit/fbea2c68e8df11cfa94e8ead913b79946780ed30", - "https://github.com/go-gitea/gitea/pull/36320", - "https://github.com/go-gitea/gitea/pull/36355", - "https://github.com/go-gitea/gitea/releases/tag/v1.25.4" - ], - "aliases": [ - "BIT-gitea-2026-20912", - "CVE-2026-20912", - "GHSA-4xx9-vc8v-87hv", - "GHSA-vfmv-f93v-37mw", - "GO-2026-4364" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "token-cookie-storage", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline.png", - 
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2020-15242": { - "canonical_id": "nextjs--CVE-2020-15242", - "title": "Open Redirect in Next.js versions", - "summary": "Open Redirect in Next.js versions", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2020-10-08T19:28:07Z", - "updated_at": "2026-03-13T22:14:13.665535Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2020-15242", - "https://github.com/vercel/next.js", - "https://github.com/zeit/next.js/releases/tag/v9.5.4" - ], - "aliases": [ - "CVE-2020-15242", - "GHSA-x56p-c8cg-q435" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": 
"verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": true, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2020-5284": { - "canonical_id": "nextjs--CVE-2020-5284", - "title": "Directory Traversal in Next.js", - "summary": "Directory Traversal in Next.js", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2020-03-30T20:40:50Z", - "updated_at": "2025-09-26T17:49:56Z", - "official_source_url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2020-5284", - 
"https://github.com/zeit/next.js/releases/tag/v9.3.2", - "https://www.npmjs.com/advisories/1503" - ], - "aliases": [ - "CVE-2020-5284", - "GHSA-fq77-7p7r-83rj" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage", - "path-traversal-guard" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2021-37699": { - "canonical_id": "nextjs--CVE-2021-37699", - "title": "Open Redirect in Next.js", - "summary": "Open Redirect in Next.js", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - 
"cvss_score": null, - "exploit_status": "unknown", - "published_at": "2021-08-12T14:51:14Z", - "updated_at": "2026-03-13T22:00:08.038285Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5-wxwp-m7g9", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-37699", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v11.1.0" - ], - "aliases": [ - "CVE-2021-37699", - "GHSA-vxf5-wxwp-m7g9" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage", - "dependency-upgrade-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2021-39178": { - "canonical_id": "nextjs--CVE-2021-39178", - "title": "XSS in Image Optimization API for Next.js", - "summary": "XSS in Image Optimization API for Next.js", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2021-09-01T18:24:22Z", - "updated_at": "2026-03-13T22:00:20.154452Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3-7897-pp7m", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-39178", - "https://github.com/vercel/next.js/pull/28620", - "https://github.com/vercel/next.js/commit/7afc97c5744b38bdf36aa7f87625f438224688aa", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v11.1.1" - ], - "aliases": [ - "CVE-2021-39178", - "GHSA-9gr3-7897-pp7m" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage", - "xss-output-encoding" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": true, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2021-43803": { - "canonical_id": "nextjs--CVE-2021-43803", - "title": "Unexpected server crash in Next.js.", - "summary": "Unexpected server crash in Next.js.", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2021-12-07T21:12:09Z", - "updated_at": "2026-03-13T22:00:36.554552Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-43803", - "https://github.com/vercel/next.js/pull/32080", - "https://github.com/vercel/next.js/commit/6d98b4fb4315dec1badecf0e9bdc212a4272b264", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v11.1.3", - "https://github.com/vercel/next.js/releases/v12.0.5" - ], - "aliases": [ - "CVE-2021-43803", - "GHSA-25mp-g6fv-mqxx" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage", - "dependency-upgrade-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - 
"required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2024-34351": { - "canonical_id": "nextjs--CVE-2024-34351", - "title": "Next.js Server-Side Request Forgery in Server Actions", - "summary": "Next.js Server-Side Request Forgery in Server Actions", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-05-09T21:18:57Z", - "updated_at": "2026-02-04T03:32:36.434669Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2024-34351", - "https://github.com/vercel/next.js/pull/62561", - 
"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085", - "https://github.com/vercel/next.js" - ], - "aliases": [ - "CVE-2024-34351", - "GHSA-fr5h-rqp8-mj6g" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage", - "ssrf-url-validation" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "nextjs--CVE-2024-46982": { - "canonical_id": "nextjs--CVE-2024-46982", - "title": "Next.js Cache Poisoning", - "summary": "Next.js Cache Poisoning", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-09-17T21:58:09Z", - "updated_at": "2026-02-04T03:45:33.402195Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2024-46982", - "https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3", - "https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda", - "https://github.com/vercel/next.js" - ], - "aliases": [ - "CVE-2024-46982", - "GHSA-gp8f-8m3g-qvj9" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline-dom.html", - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2024-47831": { - "canonical_id": "nextjs--CVE-2024-47831", - "title": "Denial of Service condition in Next.js image optimization", - "summary": "Denial of Service condition in Next.js image optimization", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-10-14T19:45:21Z", - "updated_at": "2026-02-04T03:25:43.295558Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2024-47831", - "https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a", - "https://github.com/vercel/next.js" - ], - "aliases": [ - "CVE-2024-47831", - "GHSA-g77x-44xx-532m" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - 
"verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2024-51479": { - "canonical_id": "nextjs--CVE-2024-51479", - "title": "Next.js authorization bypass vulnerability", - "summary": "Next.js authorization bypass vulnerability", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-12-17T15:09:06Z", - "updated_at": "2025-09-10T21:12:24Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f", - "secondary_source_urls": [ - 
"https://nvd.nist.gov/vuln/detail/CVE-2024-51479", - "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v14.2.15" - ], - "aliases": [ - "CVE-2024-51479", - "GHSA-7gfc-8cq8-jh5f" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "nextjs--CVE-2024-56332": { - "canonical_id": "nextjs--CVE-2024-56332", - "title": "Next.js Allows a Denial of Service (DoS) with Server Actions", - "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-01-03T20:19:29Z", - "updated_at": "2026-02-04T04:36:04.252972Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2024-56332", - "https://github.com/vercel/next.js" - ], - "aliases": [ - "CVE-2024-56332", - "GHSA-7m27-7ghc-44w9" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline-dom.html", - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2025-29927": { - "canonical_id": "nextjs--CVE-2025-29927", - "title": "Authorization Bypass in Next.js Middleware", - "summary": "Authorization Bypass in Next.js Middleware", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-03-21T15:20:12Z", - "updated_at": "2026-03-04T15:06:29.993197Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-29927", - "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2", - "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v12.3.5", - "https://github.com/vercel/next.js/releases/tag/v13.5.9", - "https://security.netapp.com/advisory/ntap-20250328-0002", - 
"https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware", - "http://www.openwall.com/lists/oss-security/2025/03/23/3", - "http://www.openwall.com/lists/oss-security/2025/03/23/4" - ], - "aliases": [ - "CVE-2025-29927", - "GHSA-f82v-jwr5-mffw" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "nextjs--CVE-2025-30218": { - "canonical_id": "nextjs--CVE-2025-30218", - "title": "Next.js may leak x-middleware-subrequest-id to external hosts", - "summary": "Next.js may leak x-middleware-subrequest-id to external hosts", + "nextjs--CVE-2026-27977": { + "canonical_id": "nextjs--CVE-2026-27977", + "title": "Next.js: null origin can bypass dev HMR websocket CSRF checks", + "summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. 
\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": "medium", - "cvss_score": null, + "cvss_score": 4.0, "exploit_status": "unknown", - "published_at": "2025-04-02T22:35:37Z", - "updated_at": "2025-10-13T15:35:50Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-223j-4rm8-mrmf", + "published_at": "2026-03-17T15:29:48Z", + "updated_at": "2026-03-17T15:46:26.028580Z", + "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36", "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-30218", + "https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a", "https://github.com/vercel/next.js", - "https://vercel.com/changelog/cve-2025-30218-5DREmEH765PoeAsrNNQj3O" + "https://github.com/vercel/next.js/releases/tag/v16.1.7" ], "aliases": [ - "CVE-2025-30218", - "GHSA-223j-4rm8-mrmf" + "CVE-2026-27977", + "GHSA-jcc7-9wpm-mj36" ], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2025-32421": { - "canonical_id": "nextjs--CVE-2025-32421", - "title": "Next.js Race Condition to Cache Poisoning", - "summary": "Next.js Race Condition to Cache Poisoning", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-05-15T14:12:26Z", - "updated_at": "2025-09-26T17:48:29Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-32421", - "https://github.com/vercel/next.js", - "https://vercel.com/changelog/cve-2025-32421" - ], - "aliases": [ - "CVE-2025-32421", - "GHSA-qpjv-v59x-3qc4" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline.png", - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2025-48068": { - "canonical_id": "nextjs--CVE-2025-48068", - "title": "Information exposure in Next.js dev server due to lack of origin verification", - "summary": "Information exposure in Next.js dev server due to lack of origin verification", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "medium", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-05-28T21:52:13Z", - "updated_at": "2025-06-13T14:41:21Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-48068", - "https://github.com/vercel/next.js", - "https://vercel.com/changelog/cve-2025-48068" - ], - "aliases": [ - "CVE-2025-48068", - "GHSA-3h52-269p-cp9r" - ], - "secure_code_topics": [ - 
"authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2025-49005": { - "canonical_id": "nextjs--CVE-2025-49005", - "title": "Next.js has a Cache poisoning vulnerability due to omission of the Vary header", - "summary": "Next.js has a Cache poisoning vulnerability due to omission of the Vary header", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-07-03T20:30:18Z", - "updated_at": 
"2026-02-04T02:37:18.974477Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-r2fc-ccr8-96c4", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-49005", - "https://github.com/vercel/next.js/issues/79346", - "https://github.com/vercel/next.js/pull/79939", - "https://github.com/vercel/next.js/commit/ec202eccf05820b60c6126d6411fe16766ecc066", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v15.3.3", - "https://vercel.com/changelog/cve-2025-49005" - ], - "aliases": [ - "CVE-2025-49005", - "GHSA-r2fc-ccr8-96c4" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-console.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2025-49826": { - "canonical_id": "nextjs--CVE-2025-49826", - "title": "Next.JS vulnerability can lead to DoS via cache poisoning ", - "summary": "Next.JS vulnerability can lead to DoS via cache poisoning ", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-07-03T21:14:48Z", - "updated_at": "2025-07-03T21:49:52Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-49826", - "https://github.com/vercel/next.js/commit/16bfce64ef2157f2c1dfedcfdb7771bc63103fd2", - "https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93", - "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v15.1.8", - "https://vercel.com/changelog/cve-2025-49826" - ], - "aliases": [ - "CVE-2025-49826", - "GHSA-67rr-84xm-4c7r" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-console.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2025-55173": { - "canonical_id": "nextjs--CVE-2025-55173", - "title": "Next.js Content Injection Vulnerability for Image Optimization", - "summary": "Next.js Content Injection Vulnerability for Image Optimization", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-08-29T21:59:55Z", - "updated_at": "2026-02-04T04:35:34.538107Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-55173", - "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd", - "https://github.com/vercel/next.js", - "https://vercel.com/changelog/cve-2025-55173", - "http://vercel.com/changelog/cve-2025-55173" - ], - "aliases": [ - "CVE-2025-55173", - "GHSA-xv57-4mr9-wg8v" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - "verification_mode": "real", - 
"artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2025-57752": { - "canonical_id": "nextjs--CVE-2025-57752", - "title": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes", - "summary": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-08-29T22:06:22Z", - "updated_at": "2026-02-04T02:50:08.291668Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v", - "secondary_source_urls": [ - 
"https://nvd.nist.gov/vuln/detail/CVE-2025-57752", - "https://github.com/vercel/next.js/pull/82114", - "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd", - "https://github.com/vercel/next.js", - "https://vercel.com/changelog/cve-2025-57752" - ], - "aliases": [ - "CVE-2025-57752", - "GHSA-g5qg-72qw-gw5v" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-page.json" - ] - } - }, - "nextjs--CVE-2025-57822": { - "canonical_id": "nextjs--CVE-2025-57822", - "title": "Next.js Improper 
Middleware Redirect Handling Leads to SSRF", - "summary": "Next.js Improper Middleware Redirect Handling Leads to SSRF", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-08-29T21:33:09Z", - "updated_at": "2026-02-04T04:20:45.658010Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-57822", - "https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8", - "https://github.com/vercel/next.js", - "https://vercel.com/changelog/cve-2025-57822" - ], - "aliases": [ - "CVE-2025-57822", - "GHSA-4342-x723-ch2f" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage", - "ssrf-url-validation" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "official-source", "blocked_reason": null, "browser_evidence": { "required": false, 
@@ -2779,1506 +36,155 @@ "refs": [] } }, - "nextjs--CVE-2025-59471": { - "canonical_id": "nextjs--CVE-2025-59471", - "title": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration", - "summary": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration", + "nextjs--CVE-2026-27978": { + "canonical_id": "nextjs--CVE-2026-27978", + "title": "Next.js: null origin can bypass Server Actions CSRF checks", + "summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`. 
\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", - "severity": "low", - "cvss_score": null, + "severity": "medium", + "cvss_score": 4.0, "exploit_status": "unknown", - "published_at": "2026-01-27T19:18:25Z", - "updated_at": "2026-02-10T01:28:46.973023Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f", + "published_at": "2026-03-17T15:30:14Z", + "updated_at": "2026-03-17T15:46:43.484729Z", + "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx", "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-59471", - "https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c", - "https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec", + "https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8", "https://github.com/vercel/next.js", - "https://github.com/vercel/next.js/releases/tag/v15.5.10", - "https://github.com/vercel/next.js/releases/tag/v16.1.5" + "https://github.com/vercel/next.js/releases/tag/v16.1.7" ], "aliases": [ - "CVE-2025-59471", - "GHSA-9g9p-9gw9-jx7f" + "CVE-2026-27978", + "GHSA-mq59-m269-xvcx" ], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "official-source", "blocked_reason": null, "browser_evidence": { "required": false, - "present": true, - "refs": [ - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-page.json" - ] + "present": false, + "refs": [] } }, - "nextjs--CVE-2025-59472": { - "canonical_id": "nextjs--CVE-2025-59472", - "title": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ", - "summary": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ", + "nextjs--CVE-2026-27979": { + "canonical_id": "nextjs--CVE-2026-27979", + "title": "Next.js: Unbounded postponed resume buffering can lead to DoS", + "summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. 
The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", - "severity": "low", - "cvss_score": null, + "severity": "medium", + "cvss_score": 4.0, "exploit_status": "unknown", - "published_at": "2026-01-28T15:20:55Z", - "updated_at": "2026-02-06T13:13:43.709252Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q-jpqc-wp7h", + "published_at": "2026-03-17T16:16:49Z", + "updated_at": "2026-03-17T16:31:34.160932Z", + "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq", "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-59472", + "https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1", "https://github.com/vercel/next.js", - "https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472" + "https://github.com/vercel/next.js/releases/tag/v16.1.7" ], "aliases": [ - "CVE-2025-59472", - "GHSA-5f7q-jpqc-wp7h" + "CVE-2026-27979", + "GHSA-h27x-g6w4-24gq" ], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], - "verification_status": 
"verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "official-source", "blocked_reason": null, "browser_evidence": { "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-page.json" - ] + "present": false, + "refs": [] } }, - "nextjs--GHSA-5j59-xgg2-r9c4": { - "canonical_id": "nextjs--GHSA-5j59-xgg2-r9c4", - "title": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up", - "summary": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up", + "nextjs--CVE-2026-27980": { + "canonical_id": "nextjs--CVE-2026-27980", + "title": "Next.js: Unbounded next/image disk cache growth can exhaust storage", + "summary": "## 
Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", - "severity": "low", - "cvss_score": null, + "severity": "medium", + "cvss_score": 4.0, "exploit_status": "unknown", - "published_at": "2025-12-12T17:21:57Z", - "updated_at": "2026-02-04T02:46:38.768104Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4", + "published_at": "2026-03-17T16:17:06Z", + "updated_at": "2026-03-17T16:31:33.597080Z", + "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8", "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-67779", + "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd", "https://github.com/vercel/next.js", - "https://nextjs.org/blog/security-update-2025-12-11", - "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components", - "https://www.cve.org/CVERecord?id=CVE-2025-55184", - "https://www.facebook.com/security/advisories/cve-2025-67779" + "https://github.com/vercel/next.js/releases/tag/v16.1.7" ], "aliases": [ - "GHSA-5j59-xgg2-r9c4" + "CVE-2026-27980", + "GHSA-3x4c-7xq6-9pq8" ], "secure_code_topics": [ 
"authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "official-source", "blocked_reason": null, "browser_evidence": { "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-page.json" - ] + "present": false, + "refs": [] } }, - "nextjs--GHSA-9qr9-h5gf-34mp": { - "canonical_id": "nextjs--GHSA-9qr9-h5gf-34mp", - "title": "Next.js is vulnerable to RCE in React flight protocol", - "summary": "Next.js is vulnerable to RCE in React flight protocol", + "nextjs--CVE-2026-29057": { + "canonical_id": "nextjs--CVE-2026-29057", + 
"title": "Next.js: HTTP request smuggling in rewrites", + "summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", - "severity": "low", - "cvss_score": null, + "severity": "medium", + "cvss_score": 4.0, "exploit_status": "unknown", - "published_at": "2025-12-03T19:07:11Z", - "updated_at": "2026-02-04T03:45:15.823345Z", - "official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r", + "published_at": "2026-03-17T16:17:15Z", + "updated_at": "2026-03-17T16:31:26.646070Z", + "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8", "secondary_source_urls": [ - "https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp", - 
"https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp", - "https://nvd.nist.gov/vuln/detail/CVE-2025-55182", - "https://github.com/vercel/next.js" + "https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.13", + "https://github.com/vercel/next.js/releases/tag/v16.1.7" ], "aliases": [ - "GHSA-9qr9-h5gf-34mp" + "CVE-2026-29057", + "GHSA-ggv3-7p47-pfv8" ], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage", + "request-smuggling-boundary", "dependency-upgrade-policy" ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-console.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-page.json" - ] - } - }, - "nextjs--GHSA-h25m-26qc-wcjf": { - "canonical_id": "nextjs--GHSA-h25m-26qc-wcjf", - "title": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components", - "summary": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-01-28T15:38:01Z", - "updated_at": "2026-02-13T00:43:52.836085Z", - "official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg", - "secondary_source_urls": [ - "https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf", - "https://nvd.nist.gov/vuln/detail/CVE-2026-23864", - "https://github.com/vercel/next.js", - "https://vercel.com/changelog/summary-of-cve-2026-23864" - ], - "aliases": [ - "GHSA-h25m-26qc-wcjf" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage", - "dependency-upgrade-policy", - "deserialization-safety" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "artifact_mode": "official-source", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } - }, - "nextjs--GHSA-mwv6-3258-q52c": { - "canonical_id": "nextjs--GHSA-mwv6-3258-q52c", - "title": "Next Vulnerable to Denial of Service with Server Components", - "summary": "Next Vulnerable to Denial of Service with Server Components", - "display_name": "Next.js", - "system_id": 
"nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-12-11T22:49:27Z", - "updated_at": "2026-02-04T03:55:54.855562Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c", - "secondary_source_urls": [ - "https://github.com/vercel/next.js", - "https://nextjs.org/blog/security-update-2025-12-11", - "https://www.cve.org/CVERecord?id=CVE-2025-55184" - ], - "aliases": [ - "GHSA-mwv6-3258-q52c" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage", - "dependency-upgrade-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-console.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-page.json" - ] - } - }, - "nextjs--GHSA-w37m-7fhw-fmv9": { - "canonical_id": "nextjs--GHSA-w37m-7fhw-fmv9", - "title": "Next Server Actions Source Code Exposure ", - "summary": "Next Server Actions Source Code Exposure ", - "display_name": "Next.js", - "system_id": "nextjs", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-12-11T22:49:56Z", - "updated_at": "2026-02-04T02:51:40.627151Z", - "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-w37m-7fhw-fmv9", - "secondary_source_urls": [ - "https://github.com/vercel/next.js", - "https://nextjs.org/blog/security-update-2025-12-11", - "https://www.cve.org/CVERecord?id=CVE-2025-55183" - ], - "aliases": [ - "GHSA-w37m-7fhw-fmv9" - ], - "secure_code_topics": [ - "authz-server-side-recheck", - "proxy-trust-boundary", - "token-cookie-storage", - "dependency-upgrade-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-page.json" - ] - } - }, - "undici--CVE-2022-31151": { - "canonical_id": "undici--CVE-2022-31151", - "title": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect", - "summary": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2022-07-21T20:31:05Z", - "updated_at": "2026-02-04T03:02:08.652391Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-31151", - "https://github.com/nodejs/undici/issues/872", - "https://github.com/nodejs/undici/pull/1441", - "https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d", - "https://hackerone.com/reports/1635514", - "https://github.com/nodejs/undici", - "https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189", - "https://github.com/nodejs/undici/releases/tag/v5.8.0", - "https://security.netapp.com/advisory/ntap-20220909-0006" - ], - "aliases": [ - "CVE-2022-31151", - "GHSA-q768-x9m6-m9qp" - 
], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary", - "token-cookie-storage", - "dependency-upgrade-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2022-32210": { - "canonical_id": "undici--CVE-2022-32210", - "title": "ProxyAgent vulnerable to MITM", - "summary": "ProxyAgent vulnerable to MITM", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2022-06-17T01:02:29Z", - "updated_at": "2026-03-13T22:15:23.541247Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-32210", - "https://hackerone.com/reports/1583680", - "https://github.com/nodejs/undici" - ], - "aliases": [ - "CVE-2022-32210", - "GHSA-pgw7-wx7w-2w33" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2023-45143": { - "canonical_id": "undici--CVE-2023-45143", - "title": "Undici's cookie header not cleared on cross-origin redirect in fetch", - "summary": "Undici's cookie header not cleared on cross-origin redirect in fetch", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2023-10-16T14:05:37Z", - "updated_at": "2026-02-04T02:35:56.289390Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp", - 
"secondary_source_urls": [ - "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g", - "https://nvd.nist.gov/vuln/detail/CVE-2023-45143", - "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76", - "https://hackerone.com/reports/2166948", - "https://github.com/nodejs/undici", - "https://github.com/nodejs/undici/releases/tag/v5.26.2", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y" - ], - "aliases": [ - "CVE-2023-45143", - "GHSA-wqq4-5wpv-mx2g" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary", - "token-cookie-storage" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2024-30260": { - "canonical_id": "undici--CVE-2024-30260", - "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", - "summary": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - 
"severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-04-04T14:20:39Z", - "updated_at": "2025-11-04T19:44:28Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2024-30260", - "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f", - "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75", - "https://hackerone.com/reports/2408074", - "https://github.com/nodejs/undici", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E", - "https://security.netapp.com/advisory/ntap-20240905-0008" - ], - "aliases": [ - "CVE-2024-30260", - "GHSA-m4v8-wqvr-p9f7" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2024-30261": { - "canonical_id": "undici--CVE-2024-30261", - "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect", - "summary": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-04-04T14:20:54Z", - "updated_at": "2025-11-04T19:44:42Z", - 
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2024-30261", - "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055", - "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3", - "https://hackerone.com/reports/2377760", - "https://github.com/nodejs/undici", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E", - "https://security.netapp.com/advisory/ntap-20240905-0008" - ], - "aliases": [ - "CVE-2024-30261", - "GHSA-9qxr-qj54-h672" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2025-22150": { - "canonical_id": "undici--CVE-2025-22150", - "title": "Use of Insufficiently Random Values in undici", - "summary": "Use of Insufficiently Random Values in undici", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-01-21T21:10:47Z", - "updated_at": "2026-02-04T02:29:26.373390Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", - "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", - 
"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", - "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", - "https://hackerone.com/reports/2913312", - "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", - "https://github.com/nodejs/undici", - "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" - ], - "aliases": [ - "CVE-2025-22150", - "GHSA-c76h-2ccp-4975" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2025-47279": { - "canonical_id": "undici--CVE-2025-47279", - "title": "undici Denial of Service attack via bad certificate data", - "summary": "undici Denial of Service attack via bad certificate data", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-05-15T14:15:06Z", - "updated_at": "2026-02-06T22:08:08.311705Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-47279", - "https://github.com/nodejs/undici/issues/3895", - "https://github.com/nodejs/undici/pull/4088", - "https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25", - "https://github.com/nodejs/undici" - ], - "aliases": [ - "CVE-2025-47279", - "GHSA-cxrh-j4jr-qwg3" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - 
"required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2026-1525": { - "canonical_id": "undici--CVE-2026-1525", - "title": "Undici has an HTTP Request/Response Smuggling issue", - "summary": "Undici has an HTTP Request/Response Smuggling issue", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-03-13T20:07:03Z", - "updated_at": "2026-03-14T09:19:54.772219Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-1525", - "https://hackerone.com/reports/3556037", - "https://cna.openjsf.org/security-advisories.html", - "https://cwe.mitre.org/data/definitions/444.html", - "https://github.com/nodejs/undici", - "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6" - ], - "aliases": [ - "CVE-2026-1525", - "GHSA-2mjp-6q6p-2qxm" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary", - "request-smuggling-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2026-1526": { - "canonical_id": "undici--CVE-2026-1526", - "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", - "summary": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-03-13T20:41:56Z", - "updated_at": "2026-03-13T20:54:25.563997Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q", - "secondary_source_urls": [ - 
"https://nvd.nist.gov/vuln/detail/CVE-2026-1526", - "https://hackerone.com/reports/3481206", - "https://cna.openjsf.org/security-advisories.html", - "https://datatracker.ietf.org/doc/html/rfc7692", - "https://github.com/nodejs/undici", - "https://owasp.org/www-community/attacks/Denial_of_Service" - ], - "aliases": [ - "CVE-2026-1526", - "GHSA-vrm6-8vpv-qv8q" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary", - "plugin-extension-trust-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2026-1527": { - "canonical_id": "undici--CVE-2026-1527", - "title": "Undici has CRLF Injection in undici via `upgrade` option", - "summary": "Undici has CRLF Injection in undici via `upgrade` option", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-03-13T20:41:26Z", - "updated_at": "2026-03-13T20:54:25.572106Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-1527", - "https://hackerone.com/reports/3487198", - "https://cna.openjsf.org/security-advisories.html", - "https://github.com/nodejs/undici" - ], - "aliases": [ - "CVE-2026-1527", - "GHSA-4992-7rv2-5pvq" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2026-1528": { - "canonical_id": "undici--CVE-2026-1528", - "title": "Undici: Malicious WebSocket 64-bit length overflows parser and 
crashes the client", - "summary": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-03-13T20:07:26Z", - "updated_at": "2026-03-14T09:17:45.838435Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-1528", - "https://hackerone.com/reports/3537648", - "https://cna.openjsf.org/security-advisories.html", - "https://github.com/nodejs/undici" - ], - "aliases": [ - "CVE-2026-1528", - "GHSA-f269-vfmq-vjvj" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2026-22036": { - "canonical_id": "undici--CVE-2026-22036", - "title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion", - "summary": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-01-14T21:06:08Z", - "updated_at": "2026-02-04T02:56:17.456091Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-22036", - "https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3", - "https://github.com/nodejs/undici" - ], - "aliases": [ - 
"CVE-2026-22036", - "GHSA-g9mf-h72j-4rw9" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2026-2229": { - "canonical_id": "undici--CVE-2026-2229", - "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", - "summary": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-03-13T20:41:41Z", - "updated_at": "2026-03-13T20:54:26.149214Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-2229", - "https://hackerone.com/reports/3487486", - "https://cna.openjsf.org/security-advisories.html", - "https://datatracker.ietf.org/doc/html/rfc7692", - "https://github.com/nodejs/undici", - "https://nodejs.org/api/zlib.html#class-zlibinflateraw" - ], - "aliases": [ - "CVE-2026-2229", - "GHSA-v9p9-hfj2-hcw8" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary", - "plugin-extension-trust-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "undici--CVE-2026-2581": { - "canonical_id": "undici--CVE-2026-2581", - "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS", - "summary": "Undici has Unbounded Memory Consumption in its 
DeduplicationHandler via Response Buffering that leads to DoS", - "display_name": "Undici", - "system_id": "undici", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2026-03-13T20:37:58Z", - "updated_at": "2026-03-13T20:54:25.417862Z", - "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2026-2581", - "https://hackerone.com/reports/3513473", - "https://cna.openjsf.org/security-advisories.html", - "https://github.com/nodejs/undici" - ], - "aliases": [ - "CVE-2026-2581", - "GHSA-phc3-fgpg-7m6h" - ], - "secure_code_topics": [ - "ssrf-url-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": false, - "refs": [] - } - }, - "vite--CVE-2024-23331": { - "canonical_id": "vite--CVE-2024-23331", - "title": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem", - "summary": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-01-19T21:58:47Z", - "updated_at": "2026-02-04T04:17:01.410592Z", - "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-34092", - "https://nvd.nist.gov/vuln/detail/CVE-2024-23331", - "https://github.com/vitejs/vite/commit/0cd769c279724cf27934b1270fbdd45d68217691", - "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5", - 
"https://github.com/vitejs/vite/commit/a26c87d20f9af306b5ce3ff1648be7fa5146c278", - "https://github.com/vitejs/vite/commit/eeec23bbc9d476c54a3a6d36e78455867185a7cb", - "https://github.com/vitejs/vite", - "https://vitejs.dev/config/server-options.html#server-fs-deny" - ], - "aliases": [ - "CVE-2024-23331", - "GHSA-c24v-8rfc-w8vw" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - "file-upload-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": true, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json" - ] - } - }, - "vite--CVE-2024-45811": { - "canonical_id": "vite--CVE-2024-45811", - "title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`", - 
"summary": "Vite's `server.fs.deny` is bypassed when using `?import&raw`", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-09-17T18:44:12Z", - "updated_at": "2026-02-04T04:05:31.919291Z", - "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", - "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", - "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", - "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", - "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", - "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", - "https://github.com/vitejs/vite" - ], - "aliases": [ - "CVE-2024-45811", - "GHSA-9cwx-2883-4wfx" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - "file-upload-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json" - ] - } - }, - "vite--CVE-2024-45812": { - "canonical_id": "vite--CVE-2024-45812", - "title": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS", - "summary": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2024-09-17T19:28:01Z", - "updated_at": "2026-02-04T04:04:22.977459Z", - "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", - "secondary_source_urls": [ - "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", - "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", - "https://github.com/vitejs/vite/commit/179b17773cf35c73ddb041f9e6c703fd9f3126af", - "https://github.com/vitejs/vite/commit/2691bb3ff6b073b41fb9046909e1e03a74e36675", - "https://github.com/vitejs/vite/commit/2ddd8541ec3b2d2e5b698749e0f2362ef28056bd", - "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", - "https://github.com/vitejs/vite/commit/e8127166979e7ace6eeaa2c3b733c8994caa31f3", - "https://github.com/vitejs/vite/commit/ebb94c5b3bf41950f45562595adec117a4d0ba5e", - "https://github.com/vitejs/vite", - "https://research.securitum.com/xss-in-amp4email-dom-clobbering", - "https://scnps.co/papers/sp23_domclob.pdf" - ], - 
"aliases": [ - "CVE-2024-45812", - "GHSA-64vr-g452-qvp3" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - "file-upload-validation", - "proxy-trust-boundary", - "xss-output-encoding", - "plugin-extension-trust-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": true, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json" - ] - } - }, - "vite--CVE-2025-24010": { - "canonical_id": "vite--CVE-2025-24010", - "title": "Websites were able to send any requests to the development server and read the response in vite", - "summary": "Websites were able to send any requests to the development server and read the response in vite", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", 
- "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-01-21T19:52:55Z", - "updated_at": "2026-02-04T04:37:03.076966Z", - "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-24010", - "https://github.com/vitejs/vite" - ], - "aliases": [ - "CVE-2025-24010", - "GHSA-vg6x-rcgg-rjx6" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - "file-upload-validation", - "proxy-trust-boundary", - "dom-sink-hardening", - "token-cookie-storage", - "plugin-extension-trust-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": true, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json" - ] - } - }, - "vite--CVE-2025-30208": { - "canonical_id": "vite--CVE-2025-30208", - "title": "Vite bypasses server.fs.deny when using ?raw??", - "summary": "Vite bypasses server.fs.deny when using ?raw??", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-03-25T14:00:02Z", - "updated_at": "2026-02-04T03:13:24.371631Z", - "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-30208", - "https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4", - "https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c", - "https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41", - "https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca", - "https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1", - "https://github.com/vitejs/vite" - ], - "aliases": [ - "CVE-2025-30208", - "GHSA-x574-m823-4x7w" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - "file-upload-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json" - ] - } - }, - "vite--CVE-2025-31125": { - "canonical_id": "vite--CVE-2025-31125", - "title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query", - "summary": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-03-31T17:31:54Z", - "updated_at": "2026-02-04T04:37:24.129476Z", - "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-31125", - "https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949", - "https://github.com/vitejs/vite", - "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125" - ], - "aliases": [ - "CVE-2025-31125", - "GHSA-4r4m-qw57-chr8" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - "file-upload-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": 
"local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json" - ] - } - }, - "vite--CVE-2025-31486": { - "canonical_id": "vite--CVE-2025-31486", - "title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths", - "summary": "Vite allows server.fs.deny to be bypassed with .svg or relative paths", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", - "severity": "low", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-04-04T14:20:05Z", - "updated_at": "2026-02-04T03:51:38.412061Z", - "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-31486", - 
"https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647", - "https://github.com/vitejs/vite", - "https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290" - ], - "aliases": [ - "CVE-2025-31486", - "GHSA-xcj6-pq6g-qj4x" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - "file-upload-validation", - "proxy-trust-boundary", - "plugin-extension-trust-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json" - ] - } - }, - "vite--CVE-2025-32395": { - "canonical_id": "vite--CVE-2025-32395", - "title": "Vite has an `server.fs.deny` bypass with an invalid 
`request-target`", - "summary": "Vite has an `server.fs.deny` bypass with an invalid `request-target`", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", - "severity": "medium", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-04-11T14:06:03Z", - "updated_at": "2026-02-04T04:11:44.900383Z", - "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-32395", - "https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70", - "https://github.com/vitejs/vite" - ], - "aliases": [ - "CVE-2025-32395", - "GHSA-356w-63v5-8wf4" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - "file-upload-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json" - ] - } - }, - "vite--CVE-2025-46565": { - "canonical_id": "vite--CVE-2025-46565", - "title": "Vite's server.fs.deny bypassed with /. for files under project root", - "summary": "Vite's server.fs.deny bypassed with /. for files under project root", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", - "severity": "medium", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-04-30T17:40:27Z", - "updated_at": "2026-02-04T03:27:17.681639Z", - "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-46565", - "https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb", - "https://github.com/vitejs/vite" - ], - "aliases": [ - "CVE-2025-46565", - "GHSA-859w-5945-r5v3" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - "file-upload-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json" - ] - } - }, - "vite--CVE-2025-58751": { - "canonical_id": "vite--CVE-2025-58751", - "title": "Vite middleware may serve files starting with the same name with the public directory", - "summary": "Vite middleware may serve files starting with the same name with the public directory", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", - "severity": "medium", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-09-09T20:55:56Z", - "updated_at": "2026-02-04T04:33:22.508417Z", - "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-58751", - "https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb", - "https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d", - "https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069", - "https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec", - "https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0", - "https://github.com/vitejs/vite" - ], - "aliases": [ - "CVE-2025-58751", - "GHSA-g4jq-h2w9-997c" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - 
"file-upload-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json" - ] - } - }, - "vite--CVE-2025-58752": { - "canonical_id": "vite--CVE-2025-58752", - "title": "Vite's `server.fs` settings were not applied to HTML files", - "summary": "Vite's `server.fs` settings were not applied to HTML files", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", - "severity": "medium", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-09-09T20:54:42Z", - "updated_at": "2026-02-04T04:35:16.287471Z", - "official_source_url": 
"https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-58752", - "https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f", - "https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e", - "https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea", - "https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6", - "https://github.com/vitejs/vite", - "https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md" - ], - "aliases": [ - "CVE-2025-58752", - "GHSA-jqfw-vq24-v9c3" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - "file-upload-validation", - "proxy-trust-boundary", - "plugin-extension-trust-policy" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json" - ] - } - }, - "vite--CVE-2025-62522": { - "canonical_id": "vite--CVE-2025-62522", - "title": "vite allows server.fs.deny bypass via backslash on Windows", - "summary": "vite allows server.fs.deny bypass via backslash on Windows", - "display_name": "Vite", - "system_id": "vite", - "category": "frameworks", - "severity": "medium", - "cvss_score": null, - "exploit_status": "unknown", - "published_at": "2025-10-20T19:54:28Z", - "updated_at": "2026-02-04T04:13:38.886554Z", - "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7", - "secondary_source_urls": [ - "https://nvd.nist.gov/vuln/detail/CVE-2025-62522", - "https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed", - "https://github.com/vitejs/vite" - ], - "aliases": [ - "CVE-2025-62522", - "GHSA-93m4-6634-74q7" - ], - "secure_code_topics": [ - "dependency-upgrade-policy", - "file-upload-validation", - "proxy-trust-boundary" - ], - "verification_status": "verified-real", - "verification_mode": "real", - "artifact_mode": "local-fixture", - "blocked_reason": null, - "browser_evidence": { - "required": false, - "present": true, - "refs": [ - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json", - 
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json", - "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json" - ] - } } } diff --git a/08-threat-intel/generated/dashboard/architecture.json b/08-threat-intel/generated/dashboard/architecture.json index 768df065..042bdd03 100644 --- a/08-threat-intel/generated/dashboard/architecture.json +++ b/08-threat-intel/generated/dashboard/architecture.json @@ -1,5 +1,5 @@ { - "generated_at": "2026-03-18T14:22:56+00:00", + "generated_at": "2026-03-18T14:45:55+00:00", "title": "\u5f53\u524d\u67b6\u6784\u5e93", "summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002", "sections": [ @@ -31,7 +31,7 @@ }, { "label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee", - "value": "89" + "value": "5" } ], "fields": [ @@ -49,7 +49,7 @@ }, { "label": "\u751f\u6210\u65f6\u95f4", - "value": "2026-03-18T14:22:56+00:00" + "value": "2026-03-18T14:45:55+00:00" } ], "links": [ @@ -5857,7 +5857,7 @@ }, { "label": "Advisory \u6570", - "value": "89" + "value": "5" }, { "label": "\u72b6\u6001\u7c7b\u578b", @@ -5865,7 +5865,7 @@ }, { "label": "\u6700\u8fd1\u5931\u8d25", - "value": "0" + "value": "5" } ], "items": [ 
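Review bot: The new snapshot turns an ingest outage into a "no known advisories" signal: the advisory count drops from `"value": "89"` to `"value": "5"` here while the completeness.json hunk (`@@ -1,178 +1,81 @@`) in the same commit records `"verified_real": 0`, `"complete": false` and an ingest `failure_count` that rose from 5 to 29, including `nextjs::GitHub Global Advisories::AttributeError` and `react::GitHub Global Advisories::TypeError`, which look like collector bugs rather than transport errors. The previously verified Gitea, Undici and Vite records are neither failed nor blocked on the new side — they are simply absent, and the coverage-matrix.html hunks now list those systems as `scaffolded` with `real:0/synthetic:0/blocked:0`, so a reader of the published dashboard sees zero advisories for systems that had 37, 14 and 12 verified entries before this run. The generator should refuse to overwrite the last known-good snapshot when source failures or a drop in `advisory_total` exceed a threshold and surface the outage instead; `"historical_statuses"` still carrying `"verified-real": 136` suggests the data still exists upstream. The collapsed JSON hunks make it hard to tell whether any entries were retired on purpose, so treat these counts as read from the diff rather than confirmed against the source files.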
@@ -5875,17 +5875,17 @@ "open": false, "items": [ { - "title": "\u771f\u5b9e\u7248\u672c\u5df2\u5b9e\u8bc1", - "summary": "\u5f53\u524d\u7d2f\u8ba1 89 \u6761\u3002", + "title": "\u4eba\u5de5\u5206\u8bca", + "summary": "\u5f53\u524d\u7d2f\u8ba1 5 \u6761\u3002", "open": false, "fields": [ { "label": "\u72b6\u6001\u7f16\u7801", - "value": "verified-real" + "value": "triage-manual" }, { "label": "\u6570\u91cf", - "value": "89" + "value": "5" } ] } 
@@ -5897,9 +5897,134 @@ "open": false, "items": [ { - "title": "\u6682\u65e0\u5931\u8d25\u6837\u672c", - "summary": "\u5f53\u524d summary.json \u4e2d\u6ca1\u6709 recent_failures\u3002", - "open": false + "title": "Next.js: Unbounded postponed resume buffering can lead to DoS", + "summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002", + "open": false, + "badges": [ + "\u4eba\u5de5\u5206\u8bca" + ], + "fields": [ + { + "label": "\u8fd0\u884c ID", + "value": "-" + }, + { + "label": "\u6f0f\u6d1e\u6761\u76ee", + "value": "nextjs--CVE-2026-27979" + }, + { + "label": "\u72b6\u6001", + "value": "\u4eba\u5de5\u5206\u8bca" + }, + { + "label": "\u963b\u585e\u539f\u56e0", + "value": "-" + } + ] + }, + { + "title": "Next.js: Unbounded next/image disk cache growth can exhaust storage", + "summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002", + "open": false, + "badges": [ + "\u4eba\u5de5\u5206\u8bca" + ], + "fields": [ + { + "label": "\u8fd0\u884c ID", + "value": "-" + }, + { + "label": "\u6f0f\u6d1e\u6761\u76ee", + "value": "nextjs--CVE-2026-27980" + }, + { + "label": "\u72b6\u6001", + "value": "\u4eba\u5de5\u5206\u8bca" + }, + { + "label": "\u963b\u585e\u539f\u56e0", + "value": "-" + } + ] + }, + { + "title": "Next.js: HTTP request smuggling in rewrites", + "summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002", + "open": false, + "badges": [ + "\u4eba\u5de5\u5206\u8bca" + ], + "fields": [ + { + "label": "\u8fd0\u884c ID", + "value": "-" + }, + { + "label": "\u6f0f\u6d1e\u6761\u76ee", + "value": "nextjs--CVE-2026-29057" + }, + { + "label": "\u72b6\u6001", + "value": "\u4eba\u5de5\u5206\u8bca" + }, + { + "label": "\u963b\u585e\u539f\u56e0", + "value": "-" + } + ] + }, + { + "title": "Next.js: null origin can bypass Server Actions CSRF checks", + "summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002", + "open": false, + "badges": [ + "\u4eba\u5de5\u5206\u8bca" + ], + "fields": [ + { + "label": "\u8fd0\u884c ID", + "value": "-" + }, + { + "label": 
"\u6f0f\u6d1e\u6761\u76ee", + "value": "nextjs--CVE-2026-27978" + }, + { + "label": "\u72b6\u6001", + "value": "\u4eba\u5de5\u5206\u8bca" + }, + { + "label": "\u963b\u585e\u539f\u56e0", + "value": "-" + } + ] + }, + { + "title": "Next.js: null origin can bypass dev HMR websocket CSRF checks", + "summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002", + "open": false, + "badges": [ + "\u4eba\u5de5\u5206\u8bca" + ], + "fields": [ + { + "label": "\u8fd0\u884c ID", + "value": "-" + }, + { + "label": "\u6f0f\u6d1e\u6761\u76ee", + "value": "nextjs--CVE-2026-27977" + }, + { + "label": "\u72b6\u6001", + "value": "\u4eba\u5de5\u5206\u8bca" + }, + { + "label": "\u963b\u585e\u539f\u56e0", + "value": "-" + } + ] } ] } diff --git a/08-threat-intel/generated/dashboard/data/completeness.json b/08-threat-intel/generated/dashboard/data/completeness.json index cd8444cc..4a1223e6 100644 --- a/08-threat-intel/generated/dashboard/data/completeness.json +++ b/08-threat-intel/generated/dashboard/data/completeness.json 
@@ -1,178 +1,81 @@ { - "generated_at": "2026-03-18T14:22:56+00:00", - "advisory_total": 89, + "generated_at": "2026-03-18T14:45:55+00:00", + "advisory_total": 5, "latest_statuses": { - "verified-real": 89 + "triage-manual": 5 }, "historical_statuses": { "verified-real": 136, "blocked-artifact": 3, "triage-manual": 1 }, - "verified_real": 89, + "verified_real": 0, "verified_synthetic": 0, "blocked": 0, - "manual": 0, - "verified_ratio": 100.0, - "complete": true, + "manual": 5, + "verified_ratio": 0.0, + "complete": false, "systems": [ - { - "system_id": "gitea", - "display_name": "Gitea", - "total": 37, - "verified_real": 37, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0, - "families": [ - { - "family": "authz-bypass", - "total": 3, - "verified_real": 3, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0 - }, - { - "family": "file-upload", - "total": 2, - "verified_real": 2, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0 - }, - { - "family": "proxy-boundary", - "total": 26, - "verified_real": 26, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0 - }, - { - "family": "ssrf", - "total": 1, - "verified_real": 1, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0 - }, - { - "family": "xss", - "total": 5, - "verified_real": 5, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0 - } - ] - }, { "system_id": "nextjs", "display_name": "Next.js", - "total": 26, - "verified_real": 26, + "total": 5, + "verified_real": 0, "verified_synthetic": 0, "blocked": 0, - "manual": 0, - "families": [ - { - "family": "authz-bypass", - "total": 2, - "verified_real": 2, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0 - }, - { - "family": "deserialization", - "total": 1, - "verified_real": 1, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0 - }, - { - "family": "proxy-boundary", - "total": 19, - "verified_real": 19, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0 - }, - { - "family": "ssrf", - "total": 2, - 
"verified_real": 2, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0 - }, - { - "family": "xss", - "total": 2, - "verified_real": 2, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0 - } - ] - }, - { - "system_id": "undici", - "display_name": "Undici", - "total": 14, - "verified_real": 14, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0, - "families": [ - { - "family": "ssrf", - "total": 14, - "verified_real": 14, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0 - } - ] - }, - { - "system_id": "vite", - "display_name": "Vite", - "total": 12, - "verified_real": 12, - "verified_synthetic": 0, - "blocked": 0, - "manual": 0, + "manual": 5, "families": [ { "family": "proxy-boundary", - "total": 11, - "verified_real": 11, + "total": 4, + "verified_real": 0, "verified_synthetic": 0, "blocked": 0, - "manual": 0 + "manual": 4 }, { - "family": "xss", + "family": "request-smuggling", "total": 1, - "verified_real": 1, + "verified_real": 0, "verified_synthetic": 0, "blocked": 0, - "manual": 0 + "manual": 1 } ] } ], "ingest_health": { - "failure_count": 5, + "failure_count": 29, "failures": [ "drupal::Drupal Security Advisories Site::HTTPError", - "django::Django Security RSS::HTTPError", - "haproxy::HAProxy Security Advisories::HTTPError", "discourse::Discourse Meta Security::HTTPError", - "adobe-commerce::Adobe Security Bulletins::SSLError" + "adobe-commerce::Adobe Security Bulletins::ConnectionError", + "react::GitHub Global Advisories::TypeError", + "nextjs::GitHub Global Advisories::AttributeError", + "vue::GitHub Global Advisories::HTTPError", + "nuxt::GitHub Global Advisories::HTTPError", + "vite::GitHub Global Advisories::HTTPError", + "angular::GitHub Global Advisories::HTTPError", + "sveltekit::GitHub Global Advisories::HTTPError", + "astro::GitHub Global Advisories::HTTPError", + "express::GitHub Global Advisories::HTTPError", + "nestjs::GitHub Global Advisories::HTTPError", + "koa::GitHub Global Advisories::HTTPError", + 
"fastify::GitHub Global Advisories::HTTPError", + "hapi::GitHub Global Advisories::HTTPError", + "undici::GitHub Global Advisories::HTTPError", + "webpack::GitHub Global Advisories::HTTPError", + "esbuild::GitHub Global Advisories::HTTPError", + "spring-framework::GitHub Global Advisories::HTTPError", + "spring-security::GitHub Global Advisories::HTTPError", + "spring-boot::GitHub Global Advisories::HTTPError", + "laravel::GitHub Global Advisories::HTTPError", + "symfony::GitHub Global Advisories::HTTPError", + "django::Django Security RSS::HTTPError", + "flask::GitHub Global Advisories::HTTPError", + "werkzeug::GitHub Global Advisories::HTTPError", + "rails::GitHub Global Advisories::HTTPError", + "haproxy::HAProxy Security Advisories::HTTPError" ] }, "historical_blockers": [ diff --git a/08-threat-intel/generated/dashboard/docs/architecture-library.html b/08-threat-intel/generated/dashboard/docs/architecture-library.html index 26b3d879..8e747784 100644 --- a/08-threat-intel/generated/dashboard/docs/architecture-library.html +++ b/08-threat-intel/generated/dashboard/docs/architecture-library.html @@ -87,7 +87,7 @@
{
- "generated_at": "2026-03-18T14:22:56+00:00",
+ "generated_at": "2026-03-18T14:45:55+00:00",
"title": "当前架构库",
"summary": "工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。",
"sections": [
@@ -119,7 +119,7 @@
},
{
"label": "当前漏洞条目",
- "value": "89"
+ "value": "5"
}
],
"fields": [
@@ -137,7 +137,7 @@
},
{
"label": "生成时间",
- "value": "2026-03-18T14:22:56+00:00"
+ "value": "2026-03-18T14:45:55+00:00"
}
],
"links": [
@@ -5945,7 +5945,7 @@
},
{
"label": "Advisory 数",
- "value": "89"
+ "value": "5"
},
{
"label": "状态类型",
@@ -5953,7 +5953,7 @@
},
{
"label": "最近失败",
- "value": "0"
+ "value": "5"
}
],
"items": [
@@ -5963,17 +5963,17 @@
"open": false,
"items": [
{
- "title": "真实版本已实证",
- "summary": "当前累计 89 条。",
+ "title": "人工分诊",
+ "summary": "当前累计 5 条。",
"open": false,
"fields": [
{
"label": "状态编码",
- "value": "verified-real"
+ "value": "triage-manual"
},
{
"label": "数量",
- "value": "89"
+ "value": "5"
}
]
}
@@ -5985,9 +5985,134 @@
"open": false,
"items": [
{
- "title": "暂无失败样本",
- "summary": "当前 summary.json 中没有 recent_failures。",
- "open": false
+ "title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
+ "summary": "无额外阻塞说明。",
+ "open": false,
+ "badges": [
+ "人工分诊"
+ ],
+ "fields": [
+ {
+ "label": "运行 ID",
+ "value": "-"
+ },
+ {
+ "label": "漏洞条目",
+ "value": "nextjs--CVE-2026-27979"
+ },
+ {
+ "label": "状态",
+ "value": "人工分诊"
+ },
+ {
+ "label": "阻塞原因",
+ "value": "-"
+ }
+ ]
+ },
+ {
+ "title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
+ "summary": "无额外阻塞说明。",
+ "open": false,
+ "badges": [
+ "人工分诊"
+ ],
+ "fields": [
+ {
+ "label": "运行 ID",
+ "value": "-"
+ },
+ {
+ "label": "漏洞条目",
+ "value": "nextjs--CVE-2026-27980"
+ },
+ {
+ "label": "状态",
+ "value": "人工分诊"
+ },
+ {
+ "label": "阻塞原因",
+ "value": "-"
+ }
+ ]
+ },
+ {
+ "title": "Next.js: HTTP request smuggling in rewrites",
+ "summary": "无额外阻塞说明。",
+ "open": false,
+ "badges": [
+ "人工分诊"
+ ],
+ "fields": [
+ {
+ "label": "运行 ID",
+ "value": "-"
+ },
+ {
+ "label": "漏洞条目",
+ "value": "nextjs--CVE-2026-29057"
+ },
+ {
+ "label": "状态",
+ "value": "人工分诊"
+ },
+ {
+ "label": "阻塞原因",
+ "value": "-"
+ }
+ ]
+ },
+ {
+ "title": "Next.js: null origin can bypass Server Actions CSRF checks",
+ "summary": "无额外阻塞说明。",
+ "open": false,
+ "badges": [
+ "人工分诊"
+ ],
+ "fields": [
+ {
+ "label": "运行 ID",
+ "value": "-"
+ },
+ {
+ "label": "漏洞条目",
+ "value": "nextjs--CVE-2026-27978"
+ },
+ {
+ "label": "状态",
+ "value": "人工分诊"
+ },
+ {
+ "label": "阻塞原因",
+ "value": "-"
+ }
+ ]
+ },
+ {
+ "title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
+ "summary": "无额外阻塞说明。",
+ "open": false,
+ "badges": [
+ "人工分诊"
+ ],
+ "fields": [
+ {
+ "label": "运行 ID",
+ "value": "-"
+ },
+ {
+ "label": "漏洞条目",
+ "value": "nextjs--CVE-2026-27977"
+ },
+ {
+ "label": "状态",
+ "value": "人工分诊"
+ },
+ {
+ "label": "阻塞原因",
+ "value": "-"
+ }
+ ]
}
]
}
diff --git a/08-threat-intel/generated/dashboard/docs/coverage-matrix.html b/08-threat-intel/generated/dashboard/docs/coverage-matrix.html
index 4d044914..dd7b5ee4 100644
--- a/08-threat-intel/generated/dashboard/docs/coverage-matrix.html
+++ b/08-threat-intel/generated/dashboard/docs/coverage-matrix.html
@@ -109,7 +109,7 @@
| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Ghost | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `37` | `37` | `3` | `seeded` | `real:37/synthetic:0/blocked:0` | `33` | `37` | `0` | `2026-03-03T04:57:57.697708Z` |
+| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Hapi | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
@@ -125,7 +125,7 @@
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `26` | `26` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `0` | `2026-03-13T22:14:13.665535Z` |
+| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `5` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-17T16:31:34.160932Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
@@ -145,8 +145,8 @@
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
-| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:14/synthetic:0/blocked:0` | `0` | `14` | `0` | `2026-03-14T09:19:54.772219Z` |
-| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `0` | `2026-02-04T04:37:24.129476Z` |
+| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
+| Vite | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
diff --git a/08-threat-intel/generated/dashboard/docs/testing-completeness-report.html b/08-threat-intel/generated/dashboard/docs/testing-completeness-report.html
index 96cf9efd..d8278960 100644
--- a/08-threat-intel/generated/dashboard/docs/testing-completeness-report.html
+++ b/08-threat-intel/generated/dashboard/docs/testing-completeness-report.html
@@ -88,21 +88,18 @@
# 全库 Advisory 完整度报告
-- 生成时间: `2026-03-18T14:22:56+00:00`
-- 最新 advisory 完整度: `89/89` `verified-real`
+- 生成时间: `2026-03-18T14:45:55+00:00`
+- 最新 advisory 完整度: `0/5` `verified-real`
- 合成验证数量: `0`
- 阻塞数量: `0`
-- 人工/待补证据数量: `0`
-- 完整度百分比: `100.0%`
+- 人工/待补证据数量: `5`
+- 完整度百分比: `0.0%`
## 系统覆盖矩阵
| 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 |
| --- | ---: | ---: | ---: | ---: | ---: | --- |
-| gitea | 37 | 37 | 0 | 0 | 0 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/26), ssrf(1/1), xss(5/5) |
-| nextjs | 26 | 26 | 0 | 0 | 0 | authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/19), ssrf(2/2), xss(2/2) |
-| undici | 14 | 14 | 0 | 0 | 0 | ssrf(14/14) |
-| vite | 12 | 12 | 0 | 0 | 0 | proxy-boundary(11/11), xss(1/1) |
+| nextjs | 5 | 0 | 0 | 0 | 5 | proxy-boundary(0/4), request-smuggling(0/1) |
## 历史阻塞项修复纪要
@@ -113,12 +110,36 @@
## Ingest / Source 健康度
-- source failures: `5`
+- source failures: `29`
- drupal::Drupal Security Advisories Site::HTTPError
-- django::Django Security RSS::HTTPError
-- haproxy::HAProxy Security Advisories::HTTPError
- discourse::Discourse Meta Security::HTTPError
-- adobe-commerce::Adobe Security Bulletins::SSLError
+- adobe-commerce::Adobe Security Bulletins::ConnectionError
+- react::GitHub Global Advisories::TypeError
+- nextjs::GitHub Global Advisories::AttributeError
+- vue::GitHub Global Advisories::HTTPError
+- nuxt::GitHub Global Advisories::HTTPError
+- vite::GitHub Global Advisories::HTTPError
+- angular::GitHub Global Advisories::HTTPError
+- sveltekit::GitHub Global Advisories::HTTPError
+- astro::GitHub Global Advisories::HTTPError
+- express::GitHub Global Advisories::HTTPError
+- nestjs::GitHub Global Advisories::HTTPError
+- koa::GitHub Global Advisories::HTTPError
+- fastify::GitHub Global Advisories::HTTPError
+- hapi::GitHub Global Advisories::HTTPError
+- undici::GitHub Global Advisories::HTTPError
+- webpack::GitHub Global Advisories::HTTPError
+- esbuild::GitHub Global Advisories::HTTPError
+- spring-framework::GitHub Global Advisories::HTTPError
+- spring-security::GitHub Global Advisories::HTTPError
+- spring-boot::GitHub Global Advisories::HTTPError
+- laravel::GitHub Global Advisories::HTTPError
+- symfony::GitHub Global Advisories::HTTPError
+- django::Django Security RSS::HTTPError
+- flask::GitHub Global Advisories::HTTPError
+- werkzeug::GitHub Global Advisories::HTTPError
+- rails::GitHub Global Advisories::HTTPError
+- haproxy::HAProxy Security Advisories::HTTPError
## 剩余风险说明
diff --git a/08-threat-intel/generated/dashboard/runs.json b/08-threat-intel/generated/dashboard/runs.json
index 013e10a4..6a934978 100644
--- a/08-threat-intel/generated/dashboard/runs.json
+++ b/08-threat-intel/generated/dashboard/runs.json
@@ -220,54 +220,7 @@
"/runs/vite-vite--CVE-2025-62522-20260318040559/logs/attack.json",
"/runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2025-62522",
- "title": "vite allows server.fs.deny bypass via backslash on Windows",
- "summary": "vite allows server.fs.deny bypass via backslash on Windows",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-10-20T19:54:28Z",
- "updated_at": "2026-02-04T04:13:38.886554Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-62522",
- "https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-62522",
- "GHSA-93m4-6634-74q7"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
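Review bot: `"advisory_meta": {}` on the new side replaces the full advisory record with an empty object while the run still names the advisory through its artifact paths (`/runs/vite-vite--CVE-2025-62522-…`) and `profile_meta`, so the proof artifacts are published without the CVE, severity, verification status or source URLs they were recorded for, and any consumer reading `advisory_meta.canonical_id` gets a missing key rather than a stale value. The `@@ -319,7 +272,6 @@` hunk drops the advisory title from `reasoning_lines`, and the `@@ -700,59 +652,7 @@` hunk does the same for CVE-2025-58752 (that hunk runs past the end of this chunk). If the advisory catalogue is unavailable at render time, the previous `advisory_meta` should be retained, or the value set to `"advisory_meta": null` alongside a sibling field that records why the record is missing, so the absence is explicit rather than an empty object that passes type checks. If these runs are meant to be retired, removing the run entry would be clearer than keeping evidence with no provenance.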
@@ -319,7 +272,6 @@
]
},
"reasoning_lines": [
- "vite allows server.fs.deny bypass via backslash on Windows",
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
@@ -700,59 +652,7 @@
"/runs/vite-vite--CVE-2025-58752-20260318040552/logs/attack.json",
"/runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2025-58752",
- "title": "Vite's `server.fs` settings were not applied to HTML files",
- "summary": "Vite's `server.fs` settings were not applied to HTML files",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-09-09T20:54:42Z",
- "updated_at": "2026-02-04T04:35:16.287471Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-58752",
- "https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f",
- "https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e",
- "https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea",
- "https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6",
- "https://github.com/vitejs/vite",
- "https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md"
- ],
- "aliases": [
- "CVE-2025-58752",
- "GHSA-jqfw-vq24-v9c3"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary",
- "plugin-extension-trust-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -804,7 +704,6 @@
]
},
"reasoning_lines": [
- "Vite's `server.fs` settings were not applied to HTML files",
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
@@ -1185,58 +1084,7 @@
"/runs/vite-vite--CVE-2025-58751-20260318040545/logs/attack.json",
"/runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2025-58751",
- "title": "Vite middleware may serve files starting with the same name with the public directory",
- "summary": "Vite middleware may serve files starting with the same name with the public directory",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-09-09T20:55:56Z",
- "updated_at": "2026-02-04T04:33:22.508417Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-58751",
- "https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb",
- "https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d",
- "https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069",
- "https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec",
- "https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-58751",
- "GHSA-g4jq-h2w9-997c"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -1288,7 +1136,6 @@
]
},
"reasoning_lines": [
- "Vite middleware may serve files starting with the same name with the public directory",
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
@@ -1669,54 +1516,7 @@
"/runs/vite-vite--CVE-2025-46565-20260318040538/logs/attack.json",
"/runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2025-46565",
- "title": "Vite's server.fs.deny bypassed with /. for files under project root",
- "summary": "Vite's server.fs.deny bypassed with /. for files under project root",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-04-30T17:40:27Z",
- "updated_at": "2026-02-04T03:27:17.681639Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-46565",
- "https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-46565",
- "GHSA-859w-5945-r5v3"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -1768,7 +1568,6 @@
]
},
"reasoning_lines": [
- "Vite's server.fs.deny bypassed with /. for files under project root",
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
@@ -2149,54 +1948,7 @@
"/runs/vite-vite--CVE-2025-32395-20260318040532/logs/attack.json",
"/runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2025-32395",
- "title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
- "summary": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-04-11T14:06:03Z",
- "updated_at": "2026-02-04T04:11:44.900383Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-32395",
- "https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-32395",
- "GHSA-356w-63v5-8wf4"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -2248,7 +2000,6 @@
]
},
"reasoning_lines": [
- "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
@@ -2629,56 +2380,7 @@
"/runs/vite-vite--CVE-2025-31486-20260318040525/logs/attack.json",
"/runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2025-31486",
- "title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
- "summary": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-04-04T14:20:05Z",
- "updated_at": "2026-02-04T03:51:38.412061Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-31486",
- "https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647",
- "https://github.com/vitejs/vite",
- "https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290"
- ],
- "aliases": [
- "CVE-2025-31486",
- "GHSA-xcj6-pq6g-qj4x"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary",
- "plugin-extension-trust-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -2730,7 +2432,6 @@
]
},
"reasoning_lines": [
- "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
@@ -3111,55 +2812,7 @@
"/runs/vite-vite--CVE-2025-31125-20260318040518/logs/attack.json",
"/runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2025-31125",
- "title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
- "summary": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-03-31T17:31:54Z",
- "updated_at": "2026-02-04T04:37:24.129476Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-31125",
- "https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949",
- "https://github.com/vitejs/vite",
- "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125"
- ],
- "aliases": [
- "CVE-2025-31125",
- "GHSA-4r4m-qw57-chr8"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -3211,7 +2864,6 @@
]
},
"reasoning_lines": [
- "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
@@ -3592,58 +3244,7 @@
"/runs/vite-vite--CVE-2025-30208-20260318040511/logs/attack.json",
"/runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2025-30208",
- "title": "Vite bypasses server.fs.deny when using ?raw??",
- "summary": "Vite bypasses server.fs.deny when using ?raw??",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-03-25T14:00:02Z",
- "updated_at": "2026-02-04T03:13:24.371631Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-30208",
- "https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4",
- "https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c",
- "https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41",
- "https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca",
- "https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-30208",
- "GHSA-x574-m823-4x7w"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -3695,7 +3296,6 @@
]
},
"reasoning_lines": [
- "Vite bypasses server.fs.deny when using ?raw??",
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
@@ -4076,56 +3676,7 @@
"/runs/vite-vite--CVE-2025-24010-20260318040505/logs/attack.json",
"/runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2025-24010",
- "title": "Websites were able to send any requests to the development server and read the response in vite",
- "summary": "Websites were able to send any requests to the development server and read the response in vite",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-01-21T19:52:55Z",
- "updated_at": "2026-02-04T04:37:03.076966Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-24010",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-24010",
- "GHSA-vg6x-rcgg-rjx6"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary",
- "dom-sink-hardening",
- "token-cookie-storage",
- "plugin-extension-trust-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -4177,7 +3728,6 @@
]
},
"reasoning_lines": [
- "Websites were able to send any requests to the development server and read the response in vite",
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
@@ -4558,64 +4108,7 @@
"/runs/vite-vite--CVE-2024-45812-20260318040458/logs/attack.json",
"/runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2024-45812",
- "title": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS",
- "summary": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-09-17T19:28:01Z",
- "updated_at": "2026-02-04T04:04:22.977459Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3",
- "secondary_source_urls": [
- "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
- "https://nvd.nist.gov/vuln/detail/CVE-2024-45812",
- "https://github.com/vitejs/vite/commit/179b17773cf35c73ddb041f9e6c703fd9f3126af",
- "https://github.com/vitejs/vite/commit/2691bb3ff6b073b41fb9046909e1e03a74e36675",
- "https://github.com/vitejs/vite/commit/2ddd8541ec3b2d2e5b698749e0f2362ef28056bd",
- "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad",
- "https://github.com/vitejs/vite/commit/e8127166979e7ace6eeaa2c3b733c8994caa31f3",
- "https://github.com/vitejs/vite/commit/ebb94c5b3bf41950f45562595adec117a4d0ba5e",
- "https://github.com/vitejs/vite",
- "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
- "https://scnps.co/papers/sp23_domclob.pdf"
- ],
- "aliases": [
- "CVE-2024-45812",
- "GHSA-64vr-g452-qvp3"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary",
- "xss-output-encoding",
- "plugin-extension-trust-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-xss",
"vuln_family": "xss",
@@ -4667,7 +4160,6 @@
]
},
"reasoning_lines": [
- "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS",
"Seed client render page before XSS proof capture.",
"Runner stores inert payload and validates browser proof only locally.",
"Browser proof page shows the controlled XSS marker after attack."
@@ -5048,58 +4540,7 @@
"/runs/vite-vite--CVE-2024-45811-20260318040452/logs/attack.json",
"/runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2024-45811",
- "title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
- "summary": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-09-17T18:44:12Z",
- "updated_at": "2026-02-04T04:05:31.919291Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-45811",
- "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249",
- "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34",
- "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd",
- "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6",
- "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2024-45811",
- "GHSA-9cwx-2883-4wfx"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -5151,7 +4592,6 @@
]
},
"reasoning_lines": [
- "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
@@ -5532,59 +4972,7 @@
"/runs/vite-vite--CVE-2024-23331-20260318040445/logs/attack.json",
"/runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "vite--CVE-2024-23331",
- "title": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem",
- "summary": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem",
- "display_name": "Vite",
- "system_id": "vite",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-01-19T21:58:47Z",
- "updated_at": "2026-02-04T04:17:01.410592Z",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2023-34092",
- "https://nvd.nist.gov/vuln/detail/CVE-2024-23331",
- "https://github.com/vitejs/vite/commit/0cd769c279724cf27934b1270fbdd45d68217691",
- "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5",
- "https://github.com/vitejs/vite/commit/a26c87d20f9af306b5ce3ff1648be7fa5146c278",
- "https://github.com/vitejs/vite/commit/eeec23bbc9d476c54a3a6d36e78455867185a7cb",
- "https://github.com/vitejs/vite",
- "https://vitejs.dev/config/server-options.html#server-fs-deny"
- ],
- "aliases": [
- "CVE-2024-23331",
- "GHSA-c24v-8rfc-w8vw"
- ],
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -5636,7 +5024,6 @@
]
},
"reasoning_lines": [
- "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem",
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
@@ -5954,43 +5341,7 @@
"/runs/undici-undici--CVE-2026-2581-20260318040332/logs/attack.json",
"/runs/undici-undici--CVE-2026-2581-20260318040332/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2026-2581",
- "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
- "summary": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-03-13T20:37:58Z",
- "updated_at": "2026-03-13T20:54:25.417862Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
- "https://hackerone.com/reports/3513473",
- "https://cna.openjsf.org/security-advisories.html",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2026-2581",
- "GHSA-phc3-fgpg-7m6h"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -6038,7 +5389,6 @@
]
},
"reasoning_lines": [
- "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -6299,46 +5649,7 @@
"/runs/undici-undici--CVE-2026-2229-20260318040328/logs/attack.json",
"/runs/undici-undici--CVE-2026-2229-20260318040328/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2026-2229",
- "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
- "summary": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-03-13T20:41:41Z",
- "updated_at": "2026-03-13T20:54:26.149214Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
- "https://hackerone.com/reports/3487486",
- "https://cna.openjsf.org/security-advisories.html",
- "https://datatracker.ietf.org/doc/html/rfc7692",
- "https://github.com/nodejs/undici",
- "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
- ],
- "aliases": [
- "CVE-2026-2229",
- "GHSA-v9p9-hfj2-hcw8"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary",
- "plugin-extension-trust-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -6386,7 +5697,6 @@
]
},
"reasoning_lines": [
- "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -6647,42 +5957,7 @@
"/runs/undici-undici--CVE-2026-22036-20260318040323/logs/attack.json",
"/runs/undici-undici--CVE-2026-22036-20260318040323/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2026-22036",
- "title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
- "summary": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-01-14T21:06:08Z",
- "updated_at": "2026-02-04T02:56:17.456091Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-22036",
- "https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2026-22036",
- "GHSA-g9mf-h72j-4rw9"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -6730,7 +6005,6 @@
]
},
"reasoning_lines": [
- "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -6991,43 +6265,7 @@
"/runs/undici-undici--CVE-2026-1528-20260318040318/logs/attack.json",
"/runs/undici-undici--CVE-2026-1528-20260318040318/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2026-1528",
- "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
- "summary": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-03-13T20:07:26Z",
- "updated_at": "2026-03-14T09:17:45.838435Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
- "https://hackerone.com/reports/3537648",
- "https://cna.openjsf.org/security-advisories.html",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2026-1528",
- "GHSA-f269-vfmq-vjvj"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -7075,7 +6313,6 @@
]
},
"reasoning_lines": [
- "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -7336,43 +6573,7 @@
"/runs/undici-undici--CVE-2026-1527-20260318040314/logs/attack.json",
"/runs/undici-undici--CVE-2026-1527-20260318040314/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2026-1527",
- "title": "Undici has CRLF Injection in undici via `upgrade` option",
- "summary": "Undici has CRLF Injection in undici via `upgrade` option",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-03-13T20:41:26Z",
- "updated_at": "2026-03-13T20:54:25.572106Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
- "https://hackerone.com/reports/3487198",
- "https://cna.openjsf.org/security-advisories.html",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2026-1527",
- "GHSA-4992-7rv2-5pvq"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -7420,7 +6621,6 @@
]
},
"reasoning_lines": [
- "Undici has CRLF Injection in undici via `upgrade` option",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -7681,46 +6881,7 @@
"/runs/undici-undici--CVE-2026-1526-20260318040309/logs/attack.json",
"/runs/undici-undici--CVE-2026-1526-20260318040309/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2026-1526",
- "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
- "summary": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-03-13T20:41:56Z",
- "updated_at": "2026-03-13T20:54:25.563997Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
- "https://hackerone.com/reports/3481206",
- "https://cna.openjsf.org/security-advisories.html",
- "https://datatracker.ietf.org/doc/html/rfc7692",
- "https://github.com/nodejs/undici",
- "https://owasp.org/www-community/attacks/Denial_of_Service"
- ],
- "aliases": [
- "CVE-2026-1526",
- "GHSA-vrm6-8vpv-qv8q"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary",
- "plugin-extension-trust-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -7768,7 +6929,6 @@
]
},
"reasoning_lines": [
- "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -8029,46 +7189,7 @@
"/runs/undici-undici--CVE-2026-1525-20260318040304/logs/attack.json",
"/runs/undici-undici--CVE-2026-1525-20260318040304/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2026-1525",
- "title": "Undici has an HTTP Request/Response Smuggling issue",
- "summary": "Undici has an HTTP Request/Response Smuggling issue",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-03-13T20:07:03Z",
- "updated_at": "2026-03-14T09:19:54.772219Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
- "https://hackerone.com/reports/3556037",
- "https://cna.openjsf.org/security-advisories.html",
- "https://cwe.mitre.org/data/definitions/444.html",
- "https://github.com/nodejs/undici",
- "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
- ],
- "aliases": [
- "CVE-2026-1525",
- "GHSA-2mjp-6q6p-2qxm"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary",
- "request-smuggling-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -8116,7 +7237,6 @@
]
},
"reasoning_lines": [
- "Undici has an HTTP Request/Response Smuggling issue",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -8377,44 +7497,7 @@
"/runs/undici-undici--CVE-2025-47279-20260318040300/logs/attack.json",
"/runs/undici-undici--CVE-2025-47279-20260318040300/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2025-47279",
- "title": "undici Denial of Service attack via bad certificate data",
- "summary": "undici Denial of Service attack via bad certificate data",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-05-15T14:15:06Z",
- "updated_at": "2026-02-06T22:08:08.311705Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-47279",
- "https://github.com/nodejs/undici/issues/3895",
- "https://github.com/nodejs/undici/pull/4088",
- "https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2025-47279",
- "GHSA-cxrh-j4jr-qwg3"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -8462,7 +7545,6 @@
]
},
"reasoning_lines": [
- "undici Denial of Service attack via bad certificate data",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -8723,47 +7805,7 @@
"/runs/undici-undici--CVE-2025-22150-20260318040256/logs/attack.json",
"/runs/undici-undici--CVE-2025-22150-20260318040256/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2025-22150",
- "title": "Use of Insufficiently Random Values in undici",
- "summary": "Use of Insufficiently Random Values in undici",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-01-21T21:10:47Z",
- "updated_at": "2026-02-04T02:29:26.373390Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
- "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
- "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
- "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
- "https://hackerone.com/reports/2913312",
- "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
- "https://github.com/nodejs/undici",
- "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
- ],
- "aliases": [
- "CVE-2025-22150",
- "GHSA-c76h-2ccp-4975"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -8811,7 +7853,6 @@
]
},
"reasoning_lines": [
- "Use of Insufficiently Random Values in undici",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -9072,48 +8113,7 @@
"/runs/undici-undici--CVE-2024-30261-20260318040251/logs/attack.json",
"/runs/undici-undici--CVE-2024-30261-20260318040251/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2024-30261",
- "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
- "summary": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-04-04T14:20:54Z",
- "updated_at": "2025-11-04T19:44:42Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
- "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055",
- "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3",
- "https://hackerone.com/reports/2377760",
- "https://github.com/nodejs/undici",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
- "https://security.netapp.com/advisory/ntap-20240905-0008"
- ],
- "aliases": [
- "CVE-2024-30261",
- "GHSA-9qxr-qj54-h672"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -9161,7 +8161,6 @@
]
},
"reasoning_lines": [
- "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -9422,48 +8421,7 @@
"/runs/undici-undici--CVE-2024-30260-20260318040247/logs/attack.json",
"/runs/undici-undici--CVE-2024-30260-20260318040247/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2024-30260",
- "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
- "summary": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-04-04T14:20:39Z",
- "updated_at": "2025-11-04T19:44:28Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-30260",
- "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f",
- "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75",
- "https://hackerone.com/reports/2408074",
- "https://github.com/nodejs/undici",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
- "https://security.netapp.com/advisory/ntap-20240905-0008"
- ],
- "aliases": [
- "CVE-2024-30260",
- "GHSA-m4v8-wqvr-p9f7"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -9511,7 +8469,6 @@
]
},
"reasoning_lines": [
- "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -9772,52 +8729,7 @@
"/runs/undici-undici--CVE-2023-45143-20260318040242/logs/attack.json",
"/runs/undici-undici--CVE-2023-45143-20260318040242/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2023-45143",
- "title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
- "summary": "Undici's cookie header not cleared on cross-origin redirect in fetch",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2023-10-16T14:05:37Z",
- "updated_at": "2026-02-04T02:35:56.289390Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
- "secondary_source_urls": [
- "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
- "https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
- "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76",
- "https://hackerone.com/reports/2166948",
- "https://github.com/nodejs/undici",
- "https://github.com/nodejs/undici/releases/tag/v5.26.2",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
- ],
- "aliases": [
- "CVE-2023-45143",
- "GHSA-wqq4-5wpv-mx2g"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -9865,7 +8777,6 @@
]
},
"reasoning_lines": [
- "Undici's cookie header not cleared on cross-origin redirect in fetch",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -10126,42 +9037,7 @@
"/runs/undici-undici--CVE-2022-32210-20260318040238/logs/attack.json",
"/runs/undici-undici--CVE-2022-32210-20260318040238/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2022-32210",
- "title": "ProxyAgent vulnerable to MITM",
- "summary": "ProxyAgent vulnerable to MITM",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2022-06-17T01:02:29Z",
- "updated_at": "2026-03-13T22:15:23.541247Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-32210",
- "https://hackerone.com/reports/1583680",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2022-32210",
- "GHSA-pgw7-wx7w-2w33"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -10209,7 +9085,6 @@
]
},
"reasoning_lines": [
- "ProxyAgent vulnerable to MITM",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -10470,50 +9345,7 @@
"/runs/undici-undici--CVE-2022-31151-20260318040233/logs/attack.json",
"/runs/undici-undici--CVE-2022-31151-20260318040233/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "undici--CVE-2022-31151",
- "title": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect",
- "summary": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect",
- "display_name": "Undici",
- "system_id": "undici",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2022-07-21T20:31:05Z",
- "updated_at": "2026-02-04T03:02:08.652391Z",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-31151",
- "https://github.com/nodejs/undici/issues/872",
- "https://github.com/nodejs/undici/pull/1441",
- "https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d",
- "https://hackerone.com/reports/1635514",
- "https://github.com/nodejs/undici",
- "https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189",
- "https://github.com/nodejs/undici/releases/tag/v5.8.0",
- "https://security.netapp.com/advisory/ntap-20220909-0006"
- ],
- "aliases": [
- "CVE-2022-31151",
- "GHSA-q768-x9m6-m9qp"
- ],
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
@@ -10561,7 +9393,6 @@
]
},
"reasoning_lines": [
- "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect",
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
@@ -10885,54 +9716,7 @@
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/attack.json",
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--GHSA-w37m-7fhw-fmv9",
- "title": "Next Server Actions Source Code Exposure ",
- "summary": "Next Server Actions Source Code Exposure ",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-11T22:49:56Z",
- "updated_at": "2026-02-04T02:51:40.627151Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-w37m-7fhw-fmv9",
- "secondary_source_urls": [
- "https://github.com/vercel/next.js",
- "https://nextjs.org/blog/security-update-2025-12-11",
- "https://www.cve.org/CVERecord?id=CVE-2025-55183"
- ],
- "aliases": [
- "GHSA-w37m-7fhw-fmv9"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
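Review bot: Replacing the whole object with `"advisory_meta": {}` keeps the key but silently drops `verification_status`, `verification_mode`, `browser_evidence` and `official_source_url`, so any consumer that reads `advisory_meta.browser_evidence.present` or `advisory_meta.verification_status` now hits a missing key instead of the previous `true`/`"verified-real"` values; if the advisory record has been moved elsewhere (not visible here), it would be safer to either drop the key entirely or leave a single pointer such as `"advisory_meta": {"canonical_id": "nextjs--GHSA-w37m-7fhw-fmv9"}` so the run still identifies its advisory without duplicating the full record. The same applies to every later `advisory_meta` hunk in this file (the ones at `-11365`, `-11782`, `-12192`, `-12673`, `-13155`, `-13635`, `-14055`, `-14465`, `-14947`, `-15429` and `-15912`). Separately, the removed `refs` entries were absolute workstation paths under `/Users/x/websafe/...`, unlike the repository-relative `/runs/...` paths kept just above this hunk; if `browser_evidence` is ever repopulated, those refs should be emitted relative to the run directory so the index does not leak local filesystem layout. The enclosing run record starts and ends outside this hunk.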
@@ -10984,7 +9768,6 @@
]
},
"reasoning_lines": [
- "Next Server Actions Source Code Exposure ",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -11365,54 +10148,7 @@
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/attack.json",
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--GHSA-mwv6-3258-q52c",
- "title": "Next Vulnerable to Denial of Service with Server Components",
- "summary": "Next Vulnerable to Denial of Service with Server Components",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-11T22:49:27Z",
- "updated_at": "2026-02-04T03:55:54.855562Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c",
- "secondary_source_urls": [
- "https://github.com/vercel/next.js",
- "https://nextjs.org/blog/security-update-2025-12-11",
- "https://www.cve.org/CVERecord?id=CVE-2025-55184"
- ],
- "aliases": [
- "GHSA-mwv6-3258-q52c"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -11464,7 +10200,6 @@
]
},
"reasoning_lines": [
- "Next Vulnerable to Denial of Service with Server Components",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -11782,45 +10517,7 @@
"/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/attack.json",
"/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--GHSA-h25m-26qc-wcjf",
- "title": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
- "summary": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-01-28T15:38:01Z",
- "updated_at": "2026-02-13T00:43:52.836085Z",
- "official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg",
- "secondary_source_urls": [
- "https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf",
- "https://nvd.nist.gov/vuln/detail/CVE-2026-23864",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/summary-of-cve-2026-23864"
- ],
- "aliases": [
- "GHSA-h25m-26qc-wcjf"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy",
- "deserialization-safety"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-deserialization",
"vuln_family": "deserialization",
@@ -11868,7 +10565,6 @@
]
},
"reasoning_lines": [
- "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
"Seed inert decode path before proof request.",
"Runner demonstrates unsafe decode path without gadget execution.",
"Inert decoded object marker is present without executing a gadget chain."
@@ -12192,55 +10888,7 @@
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/attack.json",
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--GHSA-9qr9-h5gf-34mp",
- "title": "Next.js is vulnerable to RCE in React flight protocol",
- "summary": "Next.js is vulnerable to RCE in React flight protocol",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-03T19:07:11Z",
- "updated_at": "2026-02-04T03:45:15.823345Z",
- "official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r",
- "secondary_source_urls": [
- "https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp",
- "https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp",
- "https://nvd.nist.gov/vuln/detail/CVE-2025-55182",
- "https://github.com/vercel/next.js"
- ],
- "aliases": [
- "GHSA-9qr9-h5gf-34mp"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -12292,7 +10940,6 @@
]
},
"reasoning_lines": [
- "Next.js is vulnerable to RCE in React flight protocol",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -12673,56 +11320,7 @@
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/attack.json",
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--GHSA-5j59-xgg2-r9c4",
- "title": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
- "summary": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-12T17:21:57Z",
- "updated_at": "2026-02-04T02:46:38.768104Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-67779",
- "https://github.com/vercel/next.js",
- "https://nextjs.org/blog/security-update-2025-12-11",
- "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components",
- "https://www.cve.org/CVERecord?id=CVE-2025-55184",
- "https://www.facebook.com/security/advisories/cve-2025-67779"
- ],
- "aliases": [
- "GHSA-5j59-xgg2-r9c4"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -12774,7 +11372,6 @@
]
},
"reasoning_lines": [
- "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -13155,54 +11752,7 @@
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2025-59472",
- "title": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ",
- "summary": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-01-28T15:20:55Z",
- "updated_at": "2026-02-06T13:13:43.709252Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q-jpqc-wp7h",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-59472",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472"
- ],
- "aliases": [
- "CVE-2025-59472",
- "GHSA-5f7q-jpqc-wp7h"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -13254,7 +11804,6 @@
]
},
"reasoning_lines": [
- "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -13635,57 +12184,7 @@
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2025-59471",
- "title": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
- "summary": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-01-27T19:18:25Z",
- "updated_at": "2026-02-10T01:28:46.973023Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-59471",
- "https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c",
- "https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v15.5.10",
- "https://github.com/vercel/next.js/releases/tag/v16.1.5"
- ],
- "aliases": [
- "CVE-2025-59471",
- "GHSA-9g9p-9gw9-jx7f"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -13737,7 +12236,6 @@
]
},
"reasoning_lines": [
- "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -14055,45 +12553,7 @@
"/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2025-57822",
- "title": "Next.js Improper Middleware Redirect Handling Leads to SSRF",
- "summary": "Next.js Improper Middleware Redirect Handling Leads to SSRF",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-08-29T21:33:09Z",
- "updated_at": "2026-02-04T04:20:45.658010Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-57822",
- "https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-57822"
- ],
- "aliases": [
- "CVE-2025-57822",
- "GHSA-4342-x723-ch2f"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "ssrf-url-validation"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-ssrf",
"vuln_family": "ssrf",
@@ -14141,7 +12601,6 @@
]
},
"reasoning_lines": [
- "Next.js Improper Middleware Redirect Handling Leads to SSRF",
"Seed local callback fixture state.",
"Runner validates sink callback without leaving local network.",
"Local sink callback is observed from the server-side fetch path."
@@ -14465,56 +12924,7 @@
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2025-57752",
- "title": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes",
- "summary": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-08-29T22:06:22Z",
- "updated_at": "2026-02-04T02:50:08.291668Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-57752",
- "https://github.com/vercel/next.js/pull/82114",
- "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-57752"
- ],
- "aliases": [
- "CVE-2025-57752",
- "GHSA-g5qg-72qw-gw5v"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -14566,7 +12976,6 @@
]
},
"reasoning_lines": [
- "Next.js Affected by Cache Key Confusion for Image Optimization API Routes",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -14947,56 +13356,7 @@
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2025-55173",
- "title": "Next.js Content Injection Vulnerability for Image Optimization",
- "summary": "Next.js Content Injection Vulnerability for Image Optimization",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-08-29T21:59:55Z",
- "updated_at": "2026-02-04T04:35:34.538107Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-55173",
- "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-55173",
- "http://vercel.com/changelog/cve-2025-55173"
- ],
- "aliases": [
- "CVE-2025-55173",
- "GHSA-xv57-4mr9-wg8v"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-xss",
"vuln_family": "xss",
@@ -15048,7 +13408,6 @@
]
},
"reasoning_lines": [
- "Next.js Content Injection Vulnerability for Image Optimization",
"Seed client-rendering page for XSS proof capture.",
"Runner injects inert payload and captures browser proof.",
"Browser proof page shows the XSS execution marker after the controlled payload."
@@ -15429,57 +13788,7 @@
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2025-49826",
- "title": "Next.JS vulnerability can lead to DoS via cache poisoning ",
- "summary": "Next.JS vulnerability can lead to DoS via cache poisoning ",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-07-03T21:14:48Z",
- "updated_at": "2025-07-03T21:49:52Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-49826",
- "https://github.com/vercel/next.js/commit/16bfce64ef2157f2c1dfedcfdb7771bc63103fd2",
- "https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v15.1.8",
- "https://vercel.com/changelog/cve-2025-49826"
- ],
- "aliases": [
- "CVE-2025-49826",
- "GHSA-67rr-84xm-4c7r"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -15531,7 +13840,6 @@
]
},
"reasoning_lines": [
- "Next.JS vulnerability can lead to DoS via cache poisoning ",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -15912,58 +14220,7 @@
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2025-49005",
- "title": "Next.js has a Cache poisoning vulnerability due to omission of the Vary header",
- "summary": "Next.js has a Cache poisoning vulnerability due to omission of the Vary header",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-07-03T20:30:18Z",
- "updated_at": "2026-02-04T02:37:18.974477Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-r2fc-ccr8-96c4",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-49005",
- "https://github.com/vercel/next.js/issues/79346",
- "https://github.com/vercel/next.js/pull/79939",
- "https://github.com/vercel/next.js/commit/ec202eccf05820b60c6126d6411fe16766ecc066",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v15.3.3",
- "https://vercel.com/changelog/cve-2025-49005"
- ],
- "aliases": [
- "CVE-2025-49005",
- "GHSA-r2fc-ccr8-96c4"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
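Review bot: Collapsing `advisory_meta` to `{}` drops `verification_status`, `verification_mode`, `artifact_mode` and `browser_evidence.present` along with the advisory text, so this run record no longer states whether its proof was verified or whether browser artifacts exist, and a consumer reading those keys now gets an empty object instead of a value; the same hunk shape recurs for every later advisory in this diff. If the aim was to stop embedding machine-local absolute paths such as the `/Users/x/websafe/...` refs (the kept `/runs/...` entries are already relative), keeping a pointer such as `"advisory_meta": {"canonical_id": "nextjs--CVE-2025-49005"}`, or dropping the key outright, would preserve traceability and keep "absent" distinguishable from "deliberately empty". The file looks like generator output (timestamped run ids, identical hunks), so the change presumably belongs in whatever renders it rather than in this JSON. The enclosing run object starts and ends outside the hunk.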
@@ -16015,7 +14272,6 @@
]
},
"reasoning_lines": [
- "Next.js has a Cache poisoning vulnerability due to omission of the Vary header",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -16396,54 +14652,7 @@
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2025-48068",
- "title": "Information exposure in Next.js dev server due to lack of origin verification",
- "summary": "Information exposure in Next.js dev server due to lack of origin verification",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-05-28T21:52:13Z",
- "updated_at": "2025-06-13T14:41:21Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-48068",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-48068"
- ],
- "aliases": [
- "CVE-2025-48068",
- "GHSA-3h52-269p-cp9r"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -16495,7 +14704,6 @@
]
},
"reasoning_lines": [
- "Information exposure in Next.js dev server due to lack of origin verification",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -16876,54 +15084,7 @@
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2025-32421",
- "title": "Next.js Race Condition to Cache Poisoning",
- "summary": "Next.js Race Condition to Cache Poisoning",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-05-15T14:12:26Z",
- "updated_at": "2025-09-26T17:48:29Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-32421",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-32421"
- ],
- "aliases": [
- "CVE-2025-32421",
- "GHSA-qpjv-v59x-3qc4"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -16975,7 +15136,6 @@
]
},
"reasoning_lines": [
- "Next.js Race Condition to Cache Poisoning",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -17356,54 +15516,7 @@
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2025-30218",
- "title": "Next.js may leak x-middleware-subrequest-id to external hosts",
- "summary": "Next.js may leak x-middleware-subrequest-id to external hosts",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-04-02T22:35:37Z",
- "updated_at": "2025-10-13T15:35:50Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-223j-4rm8-mrmf",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-30218",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-30218-5DREmEH765PoeAsrNNQj3O"
- ],
- "aliases": [
- "CVE-2025-30218",
- "GHSA-223j-4rm8-mrmf"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -17455,7 +15568,6 @@
]
},
"reasoning_lines": [
- "Next.js may leak x-middleware-subrequest-id to external hosts",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -17773,50 +15885,7 @@
"/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2025-29927",
- "title": "Authorization Bypass in Next.js Middleware",
- "summary": "Authorization Bypass in Next.js Middleware",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-03-21T15:20:12Z",
- "updated_at": "2026-03-04T15:06:29.993197Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-29927",
- "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
- "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v12.3.5",
- "https://github.com/vercel/next.js/releases/tag/v13.5.9",
- "https://security.netapp.com/advisory/ntap-20250328-0002",
- "https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware",
- "http://www.openwall.com/lists/oss-security/2025/03/23/3",
- "http://www.openwall.com/lists/oss-security/2025/03/23/4"
- ],
- "aliases": [
- "CVE-2025-29927",
- "GHSA-f82v-jwr5-mffw"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-authz-bypass",
"vuln_family": "authz-bypass",
@@ -17864,7 +15933,6 @@
]
},
"reasoning_lines": [
- "Authorization Bypass in Next.js Middleware",
"Seed guest/admin route fixture for server-side recheck.",
"Runner performs local authz bypass proof only.",
"Protected route is reachable only after the controlled bypass proof step."
@@ -18188,53 +16256,7 @@
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2024-56332",
- "title": "Next.js Allows a Denial of Service (DoS) with Server Actions",
- "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-01-03T20:19:29Z",
- "updated_at": "2026-02-04T04:36:04.252972Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
- "https://github.com/vercel/next.js"
- ],
- "aliases": [
- "CVE-2024-56332",
- "GHSA-7m27-7ghc-44w9"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -18286,7 +16308,6 @@
]
},
"reasoning_lines": [
- "Next.js Allows a Denial of Service (DoS) with Server Actions",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -18604,44 +16625,7 @@
"/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2024-51479",
- "title": "Next.js authorization bypass vulnerability",
- "summary": "Next.js authorization bypass vulnerability",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-12-17T15:09:06Z",
- "updated_at": "2025-09-10T21:12:24Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
- "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v14.2.15"
- ],
- "aliases": [
- "CVE-2024-51479",
- "GHSA-7gfc-8cq8-jh5f"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-authz-bypass",
"vuln_family": "authz-bypass",
@@ -18689,7 +16673,6 @@
]
},
"reasoning_lines": [
- "Next.js authorization bypass vulnerability",
"Seed guest/admin route fixture for server-side recheck.",
"Runner performs local authz bypass proof only.",
"Protected route is reachable only after the controlled bypass proof step."
@@ -19013,54 +16996,7 @@
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2024-47831",
- "title": "Denial of Service condition in Next.js image optimization",
- "summary": "Denial of Service condition in Next.js image optimization",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-10-14T19:45:21Z",
- "updated_at": "2026-02-04T03:25:43.295558Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-47831",
- "https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a",
- "https://github.com/vercel/next.js"
- ],
- "aliases": [
- "CVE-2024-47831",
- "GHSA-g77x-44xx-532m"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -19112,7 +17048,6 @@
]
},
"reasoning_lines": [
- "Denial of Service condition in Next.js image optimization",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -19493,55 +17428,7 @@
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2024-46982",
- "title": "Next.js Cache Poisoning",
- "summary": "Next.js Cache Poisoning",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-09-17T21:58:09Z",
- "updated_at": "2026-02-04T03:45:33.402195Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
- "https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
- "https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
- "https://github.com/vercel/next.js"
- ],
- "aliases": [
- "CVE-2024-46982",
- "GHSA-gp8f-8m3g-qvj9"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -19593,7 +17480,6 @@
]
},
"reasoning_lines": [
- "Next.js Cache Poisoning",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -19911,45 +17797,7 @@
"/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2024-34351",
- "title": "Next.js Server-Side Request Forgery in Server Actions",
- "summary": "Next.js Server-Side Request Forgery in Server Actions",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-05-09T21:18:57Z",
- "updated_at": "2026-02-04T03:32:36.434669Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-34351",
- "https://github.com/vercel/next.js/pull/62561",
- "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
- "https://github.com/vercel/next.js"
- ],
- "aliases": [
- "CVE-2024-34351",
- "GHSA-fr5h-rqp8-mj6g"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "ssrf-url-validation"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-ssrf",
"vuln_family": "ssrf",
@@ -19997,7 +17845,6 @@
]
},
"reasoning_lines": [
- "Next.js Server-Side Request Forgery in Server Actions",
"Seed local callback fixture state.",
"Runner validates sink callback without leaving local network.",
"Local sink callback is observed from the server-side fetch path."
@@ -20321,58 +18168,7 @@
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2021-43803",
- "title": "Unexpected server crash in Next.js.",
- "summary": "Unexpected server crash in Next.js.",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2021-12-07T21:12:09Z",
- "updated_at": "2026-03-13T22:00:36.554552Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-43803",
- "https://github.com/vercel/next.js/pull/32080",
- "https://github.com/vercel/next.js/commit/6d98b4fb4315dec1badecf0e9bdc212a4272b264",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v11.1.3",
- "https://github.com/vercel/next.js/releases/v12.0.5"
- ],
- "aliases": [
- "CVE-2021-43803",
- "GHSA-25mp-g6fv-mqxx"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -20424,7 +18220,6 @@
]
},
"reasoning_lines": [
- "Unexpected server crash in Next.js.",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -20805,57 +18600,7 @@
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2021-39178",
- "title": "XSS in Image Optimization API for Next.js",
- "summary": "XSS in Image Optimization API for Next.js",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2021-09-01T18:24:22Z",
- "updated_at": "2026-03-13T22:00:20.154452Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3-7897-pp7m",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-39178",
- "https://github.com/vercel/next.js/pull/28620",
- "https://github.com/vercel/next.js/commit/7afc97c5744b38bdf36aa7f87625f438224688aa",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v11.1.1"
- ],
- "aliases": [
- "CVE-2021-39178",
- "GHSA-9gr3-7897-pp7m"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "xss-output-encoding"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-xss",
"vuln_family": "xss",
@@ -20907,7 +18652,6 @@
]
},
"reasoning_lines": [
- "XSS in Image Optimization API for Next.js",
"Seed client-rendering page for XSS proof capture.",
"Runner injects inert payload and captures browser proof.",
"Browser proof page shows the XSS execution marker after the controlled payload."
@@ -21288,55 +19032,7 @@
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2021-37699",
- "title": "Open Redirect in Next.js",
- "summary": "Open Redirect in Next.js",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2021-08-12T14:51:14Z",
- "updated_at": "2026-03-13T22:00:08.038285Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5-wxwp-m7g9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-37699",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v11.1.0"
- ],
- "aliases": [
- "CVE-2021-37699",
- "GHSA-vxf5-wxwp-m7g9"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
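Review bot: `"advisory_meta": {}` on the new side keeps the key but drops `verification_status`, `verification_mode` and `browser_evidence.required`/`present`, so any consumer that reads `advisory_meta.verification_status` from this record now hits a missing key inside a present object rather than an absent block; if those fields have moved to a separate advisory catalogue, the record should carry a pointer to it (e.g. an `advisory_ref` key holding the canonical id `nextjs--CVE-2021-37699`, which is otherwise only recoverable by parsing the run path), or the key should be removed outright so schema validation sees the change. The same stub replacement appears in every later `advisory_meta` hunk in this file (CVE-2020-5284, CVE-2020-15242 and all the Gitea records through CVE-2026-20736). Dropping the `/Users/x/...` absolute evidence paths is the right call since they are machine-specific and the `/runs/...` refs kept on the new side are the portable ones, but the hunk shows only this entry, so it is worth confirming no other record in the file still carries such a path. The enclosing record object starts and ends outside the hunk.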
@@ -21388,7 +19084,6 @@
]
},
"reasoning_lines": [
- "Open Redirect in Next.js",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -21769,55 +19464,7 @@
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2020-5284",
- "title": "Directory Traversal in Next.js",
- "summary": "Directory Traversal in Next.js",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2020-03-30T20:40:50Z",
- "updated_at": "2025-09-26T17:49:56Z",
- "official_source_url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2020-5284",
- "https://github.com/zeit/next.js/releases/tag/v9.3.2",
- "https://www.npmjs.com/advisories/1503"
- ],
- "aliases": [
- "CVE-2020-5284",
- "GHSA-fq77-7p7r-83rj"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "path-traversal-guard"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -21869,7 +19516,6 @@
]
},
"reasoning_lines": [
- "Directory Traversal in Next.js",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -22250,54 +19896,7 @@
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "nextjs--CVE-2020-15242",
- "title": "Open Redirect in Next.js versions",
- "summary": "Open Redirect in Next.js versions",
- "display_name": "Next.js",
- "system_id": "nextjs",
- "category": "frameworks",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2020-10-08T19:28:07Z",
- "updated_at": "2026-03-13T22:14:13.665535Z",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2020-15242",
- "https://github.com/vercel/next.js",
- "https://github.com/zeit/next.js/releases/tag/v9.5.4"
- ],
- "aliases": [
- "CVE-2020-15242",
- "GHSA-x56p-c8cg-q435"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -22349,7 +19948,6 @@
]
},
"reasoning_lines": [
- "Open Redirect in Next.js versions",
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
@@ -22730,60 +20328,7 @@
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2026-20912",
- "title": "Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea",
- "summary": "Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:55.747880Z",
- "official_source_url": "https://github.com/advisories/GHSA-4xx9-vc8v-87hv",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20912",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/fbea2c68e8df11cfa94e8ead913b79946780ed30",
- "https://github.com/go-gitea/gitea/pull/36320",
- "https://github.com/go-gitea/gitea/pull/36355",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20912",
- "CVE-2026-20912",
- "GHSA-4xx9-vc8v-87hv",
- "GHSA-vfmv-f93v-37mw",
- "GO-2026-4364"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-file-upload",
"vuln_family": "file-upload",
@@ -22835,7 +20380,6 @@
]
},
"reasoning_lines": [
- "Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea",
"Seed empty attachment list for upload proof.",
"Runner uploads inert text marker only.",
"Inert upload marker is accepted and listed on the proof page."
@@ -23216,60 +20760,7 @@
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2026-20904",
- "title": "Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea",
- "summary": "Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:54.244003Z",
- "official_source_url": "https://github.com/advisories/GHSA-qqgv-v353-cv8p",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20904",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/ed5720af2ac94d74f822721c05b42b6148ff9c22",
- "https://github.com/go-gitea/gitea/pull/36346",
- "https://github.com/go-gitea/gitea/pull/36361",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20904",
- "CVE-2026-20904",
- "GHSA-jrpc-w85r-hgqx",
- "GHSA-qqgv-v353-cv8p",
- "GO-2026-4369"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -23321,7 +20812,6 @@
]
},
"reasoning_lines": [
- "Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -23702,60 +21192,7 @@
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2026-20897",
- "title": "Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea",
- "summary": "Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:55.339967Z",
- "official_source_url": "https://github.com/advisories/GHSA-393c-qgvj-3xph",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20897",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/da036f3f35ca830b22cf4480912ed261303b798f",
- "https://github.com/go-gitea/gitea/pull/36344",
- "https://github.com/go-gitea/gitea/pull/36349",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20897",
- "CVE-2026-20897",
- "GHSA-393c-qgvj-3xph",
- "GHSA-rrq5-r9h5-pc7c",
- "GO-2026-4363"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -23807,7 +21244,6 @@
]
},
"reasoning_lines": [
- "Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -24188,59 +21624,7 @@
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2026-20888",
- "title": "Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea",
- "summary": "Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:56.025932Z",
- "official_source_url": "https://github.com/advisories/GHSA-9cgq-wp42-4rpq",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20888",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/pull/36341",
- "https://github.com/go-gitea/gitea/pull/36356",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20888",
- "CVE-2026-20888",
- "GHSA-9cgq-wp42-4rpq",
- "GHSA-ccq9-c5hv-cf64",
- "GO-2026-4366"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -24292,7 +21676,6 @@
]
},
"reasoning_lines": [
- "Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -24673,60 +22056,7 @@
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2026-20883",
- "title": "Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea",
- "summary": "Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:54.692700Z",
- "official_source_url": "https://github.com/advisories/GHSA-j8xr-c56q-m8jj",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20883",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/95ea2df00a70176c516b12f3cfee8c84a310280f",
- "https://github.com/go-gitea/gitea/pull/36340",
- "https://github.com/go-gitea/gitea/pull/36368",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20883",
- "CVE-2026-20883",
- "GHSA-644v-xv3j-xgqg",
- "GHSA-j8xr-c56q-m8jj",
- "GO-2026-4368"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -24778,7 +22108,6 @@
]
},
"reasoning_lines": [
- "Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -25159,59 +22488,7 @@
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2026-20800",
- "title": "Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea",
- "summary": "Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:54.012782Z",
- "official_source_url": "https://github.com/advisories/GHSA-2vgv-hgv4-22mh",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20800",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/67e75f30a83d2523cedc37ad7b03bcba66947833",
- "https://github.com/go-gitea/gitea/pull/36339",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20800",
- "CVE-2026-20800",
- "GHSA-2vgv-hgv4-22mh",
- "GHSA-g54m-9f6g-wj7q",
- "GO-2026-4362"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -25263,7 +22540,6 @@
]
},
"reasoning_lines": [
- "Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -25644,60 +22920,7 @@
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2026-20750",
- "title": "Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea",
- "summary": "Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:57.697708Z",
- "official_source_url": "https://github.com/advisories/GHSA-rw22-5hhq-pfpf",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20750",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/7b5de594cd92e30b9c3d40ffda119acad794cc64",
- "https://github.com/go-gitea/gitea/pull/36318",
- "https://github.com/go-gitea/gitea/pull/36373",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20750",
- "CVE-2026-20750",
- "GHSA-h4fh-pc4w-8w27",
- "GHSA-rw22-5hhq-pfpf",
- "GO-2026-4370"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -25749,7 +22972,6 @@
]
},
"reasoning_lines": [
- "Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -26067,49 +23289,7 @@
"/runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2026-20736",
- "title": "Gitea has improper access control for uploaded attachments in code.gitea.io/gitea",
- "summary": "Gitea has improper access control for uploaded attachments in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:53.977351Z",
- "official_source_url": "https://github.com/advisories/GHSA-hgr3-x44x-33hx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20736",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/fbea2c68e8df11cfa94e8ead913b79946780ed30",
- "https://github.com/go-gitea/gitea/pull/36320",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20736",
- "CVE-2026-20736",
- "GHSA-hgr3-x44x-33hx",
- "GHSA-jr6h-pwwp-c8g6",
- "GO-2026-4367"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "file-upload-validation"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-authz-bypass",
"vuln_family": "authz-bypass",
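Review bot: Emptying `advisory_meta` to `{}` drops more than the advisory text: `verification_status`, `verification_mode`, `artifact_mode`, `blocked_reason` and `browser_evidence` were nested inside it and have no replacement, so a consumer reading e.g. `advisory_meta.browser_evidence.present` now sees a missing key rather than `false`. The same applies to every other `advisory_meta` hunk in this file; the CVE-2025-68939 run is the one to check first, since its removed block was the only one with `"required": true` for browser evidence and that requirement is no longer recorded anywhere in the entry. If the goal is to strip the machine-local `/Users/x/...` evidence paths (the `/runs/...` references just above are already root-relative), consider keeping the verification fields and blanking only `refs`, or documenting where the verification state now lives. The enclosing run entry starts and ends outside the hunk.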
@@ -26157,7 +23337,6 @@
]
},
"reasoning_lines": [
- "Gitea has improper access control for uploaded attachments in code.gitea.io/gitea",
"Seed low-privilege and admin boundary fixture state.",
"Runner verifies guest-to-admin bypass only inside fixture route.",
"Controlled guest request reaches the protected admin route inside the fixture."
@@ -26481,58 +23660,7 @@
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2026-0798",
- "title": "Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea",
- "summary": "Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:54.518308Z",
- "official_source_url": "https://github.com/advisories/GHSA-8fwc-qjw5-rvgp",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-0798",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/pull/36319",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-0798",
- "CVE-2026-0798",
- "GHSA-8fwc-qjw5-rvgp",
- "GHSA-f4wq-6ww5-m56p",
- "GO-2026-4365"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -26584,7 +23712,6 @@
]
},
"reasoning_lines": [
- "Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -26965,58 +24092,7 @@
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2025-69413",
- "title": "Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea",
- "summary": "Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2026-01-12T17:39:39Z",
- "updated_at": "2026-03-03T04:57:49.801641Z",
- "official_source_url": "https://github.com/advisories/GHSA-pc73-rj2c-wvf9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-69413",
- "https://blog.gitea.com/release-of-1.25.2",
- "https://github.com/go-gitea/gitea/issues/35984",
- "https://github.com/go-gitea/gitea/pull/36002",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.2"
- ],
- "aliases": [
- "BIT-gitea-2025-69413",
- "CVE-2025-69413",
- "GHSA-pc73-rj2c-wvf9",
- "GO-2026-4274"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -27068,7 +24144,6 @@
]
},
"reasoning_lines": [
- "Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -27449,58 +24524,7 @@
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2025-68946",
- "title": "Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea",
- "summary": "Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:50.473303Z",
- "official_source_url": "https://github.com/advisories/GHSA-hq57-c72x-4774",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68946",
- "https://blog.gitea.com/release-of-1.20.1",
- "https://github.com/go-gitea/gitea/pull/25960",
- "https://github.com/go-gitea/gitea/releases/tag/v1.20.1"
- ],
- "aliases": [
- "BIT-gitea-2025-68946",
- "CVE-2025-68946",
- "GHSA-hq57-c72x-4774",
- "GO-2025-4265"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "xss-output-encoding"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
@@ -27552,7 +24576,6 @@
]
},
"reasoning_lines": [
- "Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea",
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
@@ -27933,57 +24956,7 @@
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2025-68945",
- "title": "Gitea: anonymous user can visit private user's project in code.gitea.io/gitea",
- "summary": "Gitea: anonymous user can visit private user's project in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:51.457970Z",
- "official_source_url": "https://github.com/advisories/GHSA-7xq4-mwcp-q8fx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68945",
- "https://blog.gitea.com/release-of-1.21.2",
- "https://github.com/go-gitea/gitea/pull/28423",
- "https://github.com/go-gitea/gitea/releases/tag/v1.21.2"
- ],
- "aliases": [
- "BIT-gitea-2025-68945",
- "CVE-2025-68945",
- "GHSA-7xq4-mwcp-q8fx",
- "GO-2025-4262"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -28035,7 +25008,6 @@
]
},
"reasoning_lines": [
- "Gitea: anonymous user can visit private user's project in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -28353,47 +25325,7 @@
"/runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2025-68944",
- "title": "Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea",
- "summary": "Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:50.526913Z",
- "official_source_url": "https://github.com/advisories/GHSA-f85h-c7m6-cfpm",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68944",
- "https://blog.gitea.com/release-of-1.22.2",
- "https://github.com/go-gitea/gitea/pull/31967",
- "https://github.com/go-gitea/gitea/releases/tag/v1.22.2"
- ],
- "aliases": [
- "BIT-gitea-2025-68944",
- "CVE-2025-68944",
- "GHSA-f85h-c7m6-cfpm",
- "GO-2025-4264"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "dependency-upgrade-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-authz-bypass",
"vuln_family": "authz-bypass",
@@ -28441,7 +25373,6 @@
]
},
"reasoning_lines": [
- "Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea",
"Seed low-privilege and admin boundary fixture state.",
"Runner verifies guest-to-admin bypass only inside fixture route.",
"Controlled guest request reaches the protected admin route inside the fixture."
@@ -28765,57 +25696,7 @@
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2025-68943",
- "title": "Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea",
- "summary": "Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:49.213758Z",
- "official_source_url": "https://github.com/advisories/GHSA-jhx5-4vr4-f327",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68943",
- "https://blog.gitea.com/release-of-1.21.8-and-1.21.9-and-1.21.10",
- "https://github.com/go-gitea/gitea/pull/29430",
- "https://github.com/go-gitea/gitea/releases/tag/v1.21.8"
- ],
- "aliases": [
- "BIT-gitea-2025-68943",
- "CVE-2025-68943",
- "GHSA-jhx5-4vr4-f327",
- "GO-2025-4266"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -28867,7 +25748,6 @@
]
},
"reasoning_lines": [
- "Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -29248,58 +26128,7 @@
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2025-68942",
- "title": "Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea",
- "summary": "Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:49.781753Z",
- "official_source_url": "https://github.com/advisories/GHSA-898p-hh3p-hf9r",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68942",
- "https://blog.gitea.com/release-of-1.22.2",
- "https://github.com/go-gitea/gitea/pull/31966",
- "https://github.com/go-gitea/gitea/releases/tag/v1.22.2"
- ],
- "aliases": [
- "BIT-gitea-2025-68942",
- "CVE-2025-68942",
- "GHSA-898p-hh3p-hf9r",
- "GO-2025-4263"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "xss-output-encoding"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
@@ -29351,7 +26180,6 @@
]
},
"reasoning_lines": [
- "Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea",
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
@@ -29732,57 +26560,7 @@
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2025-68941",
- "title": "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea",
- "summary": "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:50.339953Z",
- "official_source_url": "https://github.com/advisories/GHSA-xfq3-qj7j-4565",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68941",
- "https://blog.gitea.com/release-of-1.22.3",
- "https://github.com/go-gitea/gitea/pull/32218",
- "https://github.com/go-gitea/gitea/releases/tag/v1.22.3"
- ],
- "aliases": [
- "BIT-gitea-2025-68941",
- "CVE-2025-68941",
- "GHSA-xfq3-qj7j-4565",
- "GO-2025-4268"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -29834,7 +26612,6 @@
]
},
"reasoning_lines": [
- "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -30152,46 +26929,7 @@
"/runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2025-68940",
- "title": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
- "summary": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:50.087298Z",
- "official_source_url": "https://github.com/advisories/GHSA-rrcw-5rjv-vj26",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68940",
- "https://blog.gitea.com/release-of-1.22.5",
- "https://github.com/go-gitea/gitea/pull/32654",
- "https://github.com/go-gitea/gitea/releases/tag/v1.22.5"
- ],
- "aliases": [
- "BIT-gitea-2025-68940",
- "CVE-2025-68940",
- "GHSA-rrcw-5rjv-vj26",
- "GO-2025-4267"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-authz-bypass",
"vuln_family": "authz-bypass",
@@ -30239,7 +26977,6 @@
]
},
"reasoning_lines": [
- "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
"Seed low-privilege and admin boundary fixture state.",
"Runner verifies guest-to-admin bypass only inside fixture route.",
"Controlled guest request reaches the protected admin route inside the fixture."
@@ -30563,58 +27300,7 @@
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2025-68939",
- "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
- "summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:48.777563Z",
- "official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
- "https://blog.gitea.com/release-of-1.23.0",
- "https://github.com/go-gitea/gitea/pull/32151",
- "https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
- ],
- "aliases": [
- "BIT-gitea-2025-68939",
- "CVE-2025-68939",
- "GHSA-263q-5cv3-xq9g",
- "GO-2025-4261"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "plugin-extension-trust-policy"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-file-upload",
"vuln_family": "file-upload",
@@ -30666,7 +27352,6 @@
]
},
"reasoning_lines": [
- "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"Seed empty attachment list for upload proof.",
"Runner uploads inert text marker only.",
"Inert upload marker is accepted and listed on the proof page."
@@ -31047,57 +27732,7 @@
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2025-68938",
- "title": "Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea",
- "summary": "Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:49.095775Z",
- "official_source_url": "https://github.com/advisories/GHSA-cm54-pfmc-xrwx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68938",
- "https://blog.gitea.com/release-of-1.25.2",
- "https://github.com/go-gitea/gitea/pull/36002/commits/d4262131b39899d9e9ee5caa2635c810d476e43f#diff-8962bac89952027d50fa51f31f59d65bedb4c02bde0265eced5cf256cbed306d",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.2"
- ],
- "aliases": [
- "BIT-gitea-2025-68938",
- "CVE-2025-68938",
- "GHSA-cm54-pfmc-xrwx",
- "GO-2025-4258"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -31149,7 +27784,6 @@
]
},
"reasoning_lines": [
- "Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -31530,57 +28164,7 @@
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-42968",
- "title": "Gitea vulnerable to Argument Injection in code.gitea.io/gitea",
- "summary": "Gitea vulnerable to Argument Injection in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T16:03:24Z",
- "updated_at": "2026-03-03T04:52:41.181693Z",
- "official_source_url": "https://github.com/advisories/GHSA-w8xw-7crf-h23x",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-42968",
- "https://github.com/go-gitea/gitea/pull/21463",
- "https://github.com/go-gitea/gitea/releases/tag/v1.17.3",
- "https://security.gentoo.org/glsa/202210-14"
- ],
- "aliases": [
- "BIT-gitea-2022-42968",
- "CVE-2022-42968",
- "GHSA-w8xw-7crf-h23x",
- "GO-2022-1065"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -31632,7 +28216,6 @@
]
},
"reasoning_lines": [
- "Gitea vulnerable to Argument Injection in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -32013,57 +28596,7 @@
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-38795",
- "title": "Gitea erroneous repo clones in code.gitea.io/gitea",
- "summary": "Gitea erroneous repo clones in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T14:17:52Z",
- "updated_at": "2026-03-03T04:54:07.076900Z",
- "official_source_url": "https://github.com/advisories/GHSA-8j3v-68w3-3848",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-38795",
- "https://blog.gitea.com/release-of-1.17.2",
- "https://github.com/go-gitea/gitea/pull/20869",
- "https://github.com/go-gitea/gitea/pull/20892"
- ],
- "aliases": [
- "BIT-gitea-2022-38795",
- "CVE-2022-38795",
- "GHSA-8j3v-68w3-3848",
- "GO-2023-1999"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -32115,7 +28648,6 @@
]
},
"reasoning_lines": [
- "Gitea erroneous repo clones in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -32496,58 +29028,7 @@
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-38183",
- "title": "Gitea allowed assignment of private issues in code.gitea.io/gitea",
- "summary": "Gitea allowed assignment of private issues in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-06-10T16:38:54Z",
- "updated_at": "2026-03-03T04:55:04.505871Z",
- "official_source_url": "https://github.com/advisories/GHSA-fhv8-m4j4-cww2",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-38183",
- "https://blog.gitea.io/2022/07/gitea-1.16.9-is-released",
- "https://github.com/go-gitea/gitea/pull/20133",
- "https://github.com/go-gitea/gitea/pull/20196",
- "https://herolab.usd.de/security-advisories/usd-2022-0015"
- ],
- "aliases": [
- "BIT-gitea-2022-38183",
- "CVE-2022-38183",
- "GHSA-fhv8-m4j4-cww2",
- "GO-2024-2769"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -32599,7 +29080,6 @@
]
},
"reasoning_lines": [
- "Gitea allowed assignment of private issues in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -32980,59 +29460,7 @@
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-30781",
- "title": "Shell command injection in gitea in code.gitea.io/gitea",
- "summary": "Shell command injection in gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T15:11:31Z",
- "updated_at": "2026-03-03T04:50:23.949796Z",
- "official_source_url": "https://github.com/advisories/GHSA-p5f9-c9j9-g8qx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-30781",
- "http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html",
- "http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html",
- "https://blog.gitea.io/2022/05/gitea-1.16.7-is-released",
- "https://github.com/go-gitea/gitea/pull/19487",
- "https://github.com/go-gitea/gitea/pull/19490"
- ],
- "aliases": [
- "BIT-gitea-2022-30781",
- "CVE-2022-30781",
- "GHSA-p5f9-c9j9-g8qx",
- "GO-2022-0450"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -33084,7 +29512,6 @@
]
},
"reasoning_lines": [
- "Shell command injection in gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -33465,56 +29892,7 @@
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-27313",
- "title": "Arbitrary file deletion in gitea in code.gitea.io/gitea",
- "summary": "Arbitrary file deletion in gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T15:11:31Z",
- "updated_at": "2026-03-03T04:50:19.647131Z",
- "official_source_url": "https://github.com/advisories/GHSA-g7p7-x6w7-w6qg",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-27313",
- "https://github.com/go-gitea/gitea/pull/19072",
- "https://github.com/go-gitea/gitea/releases/tag/v1.16.4"
- ],
- "aliases": [
- "BIT-gitea-2022-27313",
- "CVE-2022-27313",
- "GHSA-g7p7-x6w7-w6qg",
- "GO-2022-0442"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -33566,7 +29944,6 @@
]
},
"reasoning_lines": [
- "Arbitrary file deletion in gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -33947,60 +30324,7 @@
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-1928",
- "title": "Stored Cross-site Scripting in gitea in code.gitea.io/gitea",
- "summary": "Stored Cross-site Scripting in gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T15:11:40Z",
- "updated_at": "2026-03-03T04:50:45.577318Z",
- "official_source_url": "https://github.com/advisories/GHSA-ph3w-2843-72mx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-1928",
- "https://github.com/go-gitea/gitea",
- "https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad50e71024b7529fdf0e3c2e9c",
- "https://github.com/go-gitea/gitea/pull/19825",
- "https://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2",
- "https://security.gentoo.org/glsa/202210-14"
- ],
- "aliases": [
- "BIT-gitea-2022-1928",
- "CVE-2022-1928",
- "GHSA-ph3w-2843-72mx",
- "GO-2022-0612"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "xss-output-encoding"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
@@ -34052,7 +30376,6 @@
]
},
"reasoning_lines": [
- "Stored Cross-site Scripting in gitea in code.gitea.io/gitea",
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
@@ -34433,58 +30756,7 @@
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-1058",
- "title": "Gitea Open Redirect in code.gitea.io/gitea",
- "summary": "Gitea Open Redirect in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-06-04T15:19:21Z",
- "updated_at": "2026-03-03T04:51:49.844240Z",
- "official_source_url": "https://github.com/advisories/GHSA-4rqq-rxvc-v2rc",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-1058",
- "https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48",
- "https://github.com/go-gitea/gitea/pull/19175",
- "https://github.com/go-gitea/gitea/pull/19186",
- "https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d"
- ],
- "aliases": [
- "BIT-gitea-2022-1058",
- "CVE-2022-1058",
- "GHSA-4rqq-rxvc-v2rc",
- "GO-2024-2752"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -34536,7 +30808,6 @@
]
},
"reasoning_lines": [
- "Gitea Open Redirect in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -34917,57 +31188,7 @@
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-0905",
- "title": "Gitea Missing Authorization vulnerability in code.gitea.io/gitea",
- "summary": "Gitea Missing Authorization vulnerability in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T15:11:40Z",
- "updated_at": "2026-03-03T04:50:45.472605Z",
- "official_source_url": "https://github.com/advisories/GHSA-jr9c-h74f-2v28",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-0905",
- "https://github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2",
- "https://github.com/go-gitea/gitea/commit/3e5c844a7758fa29126d201f4f98bf21bca6d314",
- "https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb"
- ],
- "aliases": [
- "BIT-gitea-2022-0905",
- "CVE-2022-0905",
- "GHSA-jr9c-h74f-2v28",
- "GO-2022-0609"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -35019,7 +31240,6 @@
]
},
"reasoning_lines": [
- "Gitea Missing Authorization vulnerability in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -35400,56 +31620,7 @@
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2021-45331",
- "title": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea",
- "summary": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T14:30:29Z",
- "updated_at": "2026-03-03T04:52:07.604662Z",
- "official_source_url": "https://github.com/advisories/GHSA-hfmf-q69j-6m5p",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-45331",
- "https://blog.gitea.io/2018/08/gitea-1.5.0-is-released",
- "https://github.com/go-gitea/gitea/pull/3878"
- ],
- "aliases": [
- "BIT-gitea-2021-45331",
- "CVE-2021-45331",
- "GHSA-hfmf-q69j-6m5p",
- "GO-2022-0315"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -35501,7 +31672,6 @@
]
},
"reasoning_lines": [
- "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -35882,56 +32052,7 @@
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2021-45330",
- "title": "Improper Privilege Management in Gitea in code.gitea.io/gitea",
- "summary": "Improper Privilege Management in Gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T16:03:21Z",
- "updated_at": "2026-03-03T04:52:33.136607Z",
- "official_source_url": "https://github.com/advisories/GHSA-pg38-r834-g45j",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-45330",
- "https://github.com/go-gitea/gitea/issues/4336",
- "https://github.com/go-gitea/gitea/pull/4840"
- ],
- "aliases": [
- "BIT-gitea-2021-45330",
- "CVE-2021-45330",
- "GHSA-pg38-r834-g45j",
- "GO-2022-0982"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -35983,7 +32104,6 @@
]
},
"reasoning_lines": [
- "Improper Privilege Management in Gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -36364,61 +32484,7 @@
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2021-45327",
- "title": "Capture-replay in Gitea in code.gitea.io/gitea",
- "summary": "Capture-replay in Gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T14:30:26Z",
- "updated_at": "2026-03-03T04:52:07.840324Z",
- "official_source_url": "https://github.com/advisories/GHSA-jrpg-35hw-m4p9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-45327",
- "https://blog.gitea.io/2020/03/gitea-1.11.2-is-released",
- "https://github.com/go-gitea/gitea/commit/4cb18601ff33dda5edb47d5b452cc8f2dc39dd67",
- "https://github.com/go-gitea/gitea/commit/6f5656ab0ebec03fe63898208dabc802c4be46ab",
- "https://github.com/go-gitea/gitea/commit/ed664a9e1dae4d4660e60c981173bbc5102e69ea",
- "https://github.com/go-gitea/gitea/pull/10462",
- "https://github.com/go-gitea/gitea/pull/10465",
- "https://github.com/go-gitea/gitea/pull/10582"
- ],
- "aliases": [
- "BIT-gitea-2021-45327",
- "CVE-2021-45327",
- "GHSA-jrpg-35hw-m4p9",
- "GO-2022-0310"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
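Review bot: Replacing the whole block with `"advisory_meta": {}` leaves this run record with no machine-readable advisory identifier at all — `canonical_id`, `aliases` and `official_source_url` go with it, so the only remaining link from the run to CVE-2021-45327 is the run directory name in the `/runs/...` paths above. If the intent was to drop the absolute `/Users/x/...` evidence paths and the duplicated title, consider keeping a minimal identifier subset, e.g. `"advisory_meta": {"canonical_id": "gitea--CVE-2021-45327", "aliases": ["CVE-2021-45327", "GHSA-jrpg-35hw-m4p9"]}`, or document that an empty object means "advisory metadata stripped" rather than "no advisory known", since consumers of this file cannot tell the two apart. The same replacement is made in every later `advisory_meta` hunk in this chunk (CVE-2021-3382 through CVE-2022-27313); if this file is produced by a renderer, the fix belongs in the generator rather than the output. The enclosing JSON object starts and ends outside the hunk.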
@@ -36470,7 +32536,6 @@
]
},
"reasoning_lines": [
- "Capture-replay in Gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -36851,55 +32916,7 @@
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2021-3382",
- "title": "Buffer Overflow in gitea in code.gitea.io/gitea",
- "summary": "Buffer Overflow in gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-06-04T15:19:21Z",
- "updated_at": "2026-03-03T04:55:15.307648Z",
- "official_source_url": "https://github.com/advisories/GHSA-9f8c-pfvv-p4gm",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-3382",
- "https://github.com/go-gitea/gitea/pull/14390"
- ],
- "aliases": [
- "BIT-gitea-2021-3382",
- "CVE-2021-3382",
- "GHSA-9f8c-pfvv-p4gm",
- "GO-2024-2757"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -36951,7 +32968,6 @@
]
},
"reasoning_lines": [
- "Buffer Overflow in gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -37332,58 +33348,7 @@
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2021-29134",
- "title": "Path Traversal in Gitea in code.gitea.io/gitea",
- "summary": "Path Traversal in Gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T14:30:29Z",
- "updated_at": "2026-03-03T04:50:06.638863Z",
- "official_source_url": "https://github.com/advisories/GHSA-h3q4-vmw4-cpr5",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-29134",
- "https://github.com/go-gitea/gitea/pull/15125/files",
- "https://github.com/go-gitea/gitea/releases",
- "https://github.com/go-gitea/gitea/releases/tag/v1.13.6"
- ],
- "aliases": [
- "BIT-gitea-2021-29134",
- "CVE-2021-29134",
- "GHSA-h3q4-vmw4-cpr5",
- "GO-2022-0353"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "path-traversal-guard"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -37435,7 +33400,6 @@
]
},
"reasoning_lines": [
- "Path Traversal in Gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -37816,59 +33780,7 @@
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2021-28378",
- "title": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
- "summary": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T15:29:04Z",
- "updated_at": "2026-03-03T04:52:18.307544Z",
- "official_source_url": "https://github.com/advisories/GHSA-g95p-88p4-76cm",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-28378",
- "https://blog.gitea.io/2021/03/gitea-1.13.4-is-released",
- "https://github.com/PandatiX/CVE-2021-28378",
- "https://github.com/go-gitea/gitea/pull/14898",
- "https://github.com/go-gitea/gitea/pull/14899"
- ],
- "aliases": [
- "BIT-gitea-2021-28378",
- "CVE-2021-28378",
- "GHSA-g95p-88p4-76cm",
- "GO-2022-0832"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "xss-output-encoding"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
@@ -37920,7 +33832,6 @@
]
},
"reasoning_lines": [
- "Cross-site Scripting in Gitea in code.gitea.io/gitea",
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
@@ -38301,57 +34212,7 @@
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/attack.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2020-13246",
- "title": "Denial of Service in Gitea in code.gitea.io/gitea",
- "summary": "Denial of Service in Gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T15:29:04Z",
- "updated_at": "2026-03-03T04:52:17.939867Z",
- "official_source_url": "https://github.com/advisories/GHSA-g2qx-6ghw-67hm",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2020-13246",
- "https://github.com/go-gitea/gitea/issues/10549",
- "https://github.com/go-gitea/gitea/pull/11438",
- "https://www.youtube.com/watch?v=DmVgADSVS88"
- ],
- "aliases": [
- "BIT-gitea-2020-13246",
- "CVE-2020-13246",
- "GHSA-g2qx-6ghw-67hm",
- "GO-2022-0830"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -38403,7 +34264,6 @@
]
},
"reasoning_lines": [
- "Denial of Service in Gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -38784,55 +34644,7 @@
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/attack.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2019-1010261",
- "title": "Gitea XSS Vulnerability in code.gitea.io/gitea",
- "summary": "Gitea XSS Vulnerability in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-20T20:31:38Z",
- "updated_at": "2026-03-03T04:53:57.848904Z",
- "official_source_url": "https://github.com/advisories/GHSA-5rh7-6gfj-mc87",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2019-1010261",
- "https://github.com/go-gitea/gitea/pull/5905"
- ],
- "aliases": [
- "CVE-2019-1010261",
- "GHSA-5rh7-6gfj-mc87",
- "GO-2023-1922"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "xss-output-encoding"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
@@ -38884,7 +34696,6 @@
]
},
"reasoning_lines": [
- "Gitea XSS Vulnerability in code.gitea.io/gitea",
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
@@ -39265,56 +35076,7 @@
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2018-18926",
- "title": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
- "summary": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T15:29:04Z",
- "updated_at": "2026-03-03T04:52:20.787387Z",
- "official_source_url": "https://github.com/advisories/GHSA-hf6f-jq25-8gq9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2018-18926",
- "https://github.com/go-gitea/gitea/commit/aeb5655c25053bdcd7eee94ea37df88468374162",
- "https://github.com/go-gitea/gitea/issues/5140",
- "https://github.com/go-gitea/gitea/pull/5177"
- ],
- "aliases": [
- "CVE-2018-18926",
- "GHSA-hf6f-jq25-8gq9",
- "GO-2022-0844"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -39366,7 +35128,6 @@
]
},
"reasoning_lines": [
- "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -39684,49 +35445,7 @@
"/runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json",
"/runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2018-15192",
- "title": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
- "summary": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-20T20:32:20Z",
- "updated_at": "2026-03-03T04:54:04.686907Z",
- "official_source_url": "https://github.com/advisories/GHSA-fg3x-rwq9-74cw",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2018-15192",
- "https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9",
- "https://github.com/go-gitea/gitea/issues/4624",
- "https://github.com/go-gitea/gitea/pull/17482",
- "https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b",
- "https://github.com/gogs/gogs/issues/5366",
- "https://github.com/gogs/gogs/pull/6002"
- ],
- "aliases": [
- "CVE-2018-15192",
- "GHSA-fg3x-rwq9-74cw",
- "GO-2023-1971"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "ssrf-url-validation"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-ssrf",
"vuln_family": "ssrf",
@@ -39774,7 +35493,6 @@
]
},
"reasoning_lines": [
- "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
"Seed local sink counters only.",
"Runner triggers callback strictly to local sink endpoint.",
"Server-side callback reaches the local sink and is recorded in proof output."
@@ -40098,57 +35816,7 @@
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-38795",
- "title": "Gitea erroneous repo clones in code.gitea.io/gitea",
- "summary": "Gitea erroneous repo clones in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T14:17:52Z",
- "updated_at": "2026-03-03T04:54:07.076900Z",
- "official_source_url": "https://github.com/advisories/GHSA-8j3v-68w3-3848",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-38795",
- "https://blog.gitea.com/release-of-1.17.2",
- "https://github.com/go-gitea/gitea/pull/20869",
- "https://github.com/go-gitea/gitea/pull/20892"
- ],
- "aliases": [
- "BIT-gitea-2022-38795",
- "CVE-2022-38795",
- "GHSA-8j3v-68w3-3848",
- "GO-2023-1999"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -40200,7 +35868,6 @@
]
},
"reasoning_lines": [
- "Gitea erroneous repo clones in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -40581,58 +36248,7 @@
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-38183",
- "title": "Gitea allowed assignment of private issues in code.gitea.io/gitea",
- "summary": "Gitea allowed assignment of private issues in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-06-10T16:38:54Z",
- "updated_at": "2026-03-03T04:55:04.505871Z",
- "official_source_url": "https://github.com/advisories/GHSA-fhv8-m4j4-cww2",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-38183",
- "https://blog.gitea.io/2022/07/gitea-1.16.9-is-released",
- "https://github.com/go-gitea/gitea/pull/20133",
- "https://github.com/go-gitea/gitea/pull/20196",
- "https://herolab.usd.de/security-advisories/usd-2022-0015"
- ],
- "aliases": [
- "BIT-gitea-2022-38183",
- "CVE-2022-38183",
- "GHSA-fhv8-m4j4-cww2",
- "GO-2024-2769"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -40684,7 +36300,6 @@
]
},
"reasoning_lines": [
- "Gitea allowed assignment of private issues in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -41065,59 +36680,7 @@
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-30781",
- "title": "Shell command injection in gitea in code.gitea.io/gitea",
- "summary": "Shell command injection in gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T15:11:31Z",
- "updated_at": "2026-03-03T04:50:23.949796Z",
- "official_source_url": "https://github.com/advisories/GHSA-p5f9-c9j9-g8qx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-30781",
- "http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html",
- "http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html",
- "https://blog.gitea.io/2022/05/gitea-1.16.7-is-released",
- "https://github.com/go-gitea/gitea/pull/19487",
- "https://github.com/go-gitea/gitea/pull/19490"
- ],
- "aliases": [
- "BIT-gitea-2022-30781",
- "CVE-2022-30781",
- "GHSA-p5f9-c9j9-g8qx",
- "GO-2022-0450"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -41169,7 +36732,6 @@
]
},
"reasoning_lines": [
- "Shell command injection in gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -41550,56 +37112,7 @@
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-27313",
- "title": "Arbitrary file deletion in gitea in code.gitea.io/gitea",
- "summary": "Arbitrary file deletion in gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T15:11:31Z",
- "updated_at": "2026-03-03T04:50:19.647131Z",
- "official_source_url": "https://github.com/advisories/GHSA-g7p7-x6w7-w6qg",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-27313",
- "https://github.com/go-gitea/gitea/pull/19072",
- "https://github.com/go-gitea/gitea/releases/tag/v1.16.4"
- ],
- "aliases": [
- "BIT-gitea-2022-27313",
- "CVE-2022-27313",
- "GHSA-g7p7-x6w7-w6qg",
- "GO-2022-0442"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -41651,7 +37164,6 @@
]
},
"reasoning_lines": [
- "Arbitrary file deletion in gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -42032,60 +37544,7 @@
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-1928",
- "title": "Stored Cross-site Scripting in gitea in code.gitea.io/gitea",
- "summary": "Stored Cross-site Scripting in gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T15:11:40Z",
- "updated_at": "2026-03-03T04:50:45.577318Z",
- "official_source_url": "https://github.com/advisories/GHSA-ph3w-2843-72mx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-1928",
- "https://github.com/go-gitea/gitea",
- "https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad50e71024b7529fdf0e3c2e9c",
- "https://github.com/go-gitea/gitea/pull/19825",
- "https://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2",
- "https://security.gentoo.org/glsa/202210-14"
- ],
- "aliases": [
- "BIT-gitea-2022-1928",
- "CVE-2022-1928",
- "GHSA-ph3w-2843-72mx",
- "GO-2022-0612"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "xss-output-encoding"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
@@ -42137,7 +37596,6 @@
]
},
"reasoning_lines": [
- "Stored Cross-site Scripting in gitea in code.gitea.io/gitea",
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
@@ -42518,58 +37976,7 @@
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-1058",
- "title": "Gitea Open Redirect in code.gitea.io/gitea",
- "summary": "Gitea Open Redirect in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-06-04T15:19:21Z",
- "updated_at": "2026-03-03T04:51:49.844240Z",
- "official_source_url": "https://github.com/advisories/GHSA-4rqq-rxvc-v2rc",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-1058",
- "https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48",
- "https://github.com/go-gitea/gitea/pull/19175",
- "https://github.com/go-gitea/gitea/pull/19186",
- "https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d"
- ],
- "aliases": [
- "BIT-gitea-2022-1058",
- "CVE-2022-1058",
- "GHSA-4rqq-rxvc-v2rc",
- "GO-2024-2752"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -42621,7 +38028,6 @@
]
},
"reasoning_lines": [
- "Gitea Open Redirect in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -43002,57 +38408,7 @@
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2022-0905",
- "title": "Gitea Missing Authorization vulnerability in code.gitea.io/gitea",
- "summary": "Gitea Missing Authorization vulnerability in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T15:11:40Z",
- "updated_at": "2026-03-03T04:50:45.472605Z",
- "official_source_url": "https://github.com/advisories/GHSA-jr9c-h74f-2v28",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-0905",
- "https://github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2",
- "https://github.com/go-gitea/gitea/commit/3e5c844a7758fa29126d201f4f98bf21bca6d314",
- "https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb"
- ],
- "aliases": [
- "BIT-gitea-2022-0905",
- "CVE-2022-0905",
- "GHSA-jr9c-h74f-2v28",
- "GO-2022-0609"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -43104,7 +38460,6 @@
]
},
"reasoning_lines": [
- "Gitea Missing Authorization vulnerability in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -43485,56 +38840,7 @@
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2021-45331",
- "title": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea",
- "summary": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T14:30:29Z",
- "updated_at": "2026-03-03T04:52:07.604662Z",
- "official_source_url": "https://github.com/advisories/GHSA-hfmf-q69j-6m5p",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-45331",
- "https://blog.gitea.io/2018/08/gitea-1.5.0-is-released",
- "https://github.com/go-gitea/gitea/pull/3878"
- ],
- "aliases": [
- "BIT-gitea-2021-45331",
- "CVE-2021-45331",
- "GHSA-hfmf-q69j-6m5p",
- "GO-2022-0315"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -43586,7 +38892,6 @@
]
},
"reasoning_lines": [
- "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -43967,56 +39272,7 @@
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2021-45330",
- "title": "Improper Privilege Management in Gitea in code.gitea.io/gitea",
- "summary": "Improper Privilege Management in Gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T16:03:21Z",
- "updated_at": "2026-03-03T04:52:33.136607Z",
- "official_source_url": "https://github.com/advisories/GHSA-pg38-r834-g45j",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-45330",
- "https://github.com/go-gitea/gitea/issues/4336",
- "https://github.com/go-gitea/gitea/pull/4840"
- ],
- "aliases": [
- "BIT-gitea-2021-45330",
- "CVE-2021-45330",
- "GHSA-pg38-r834-g45j",
- "GO-2022-0982"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -44068,7 +39324,6 @@
]
},
"reasoning_lines": [
- "Improper Privilege Management in Gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -44449,61 +39704,7 @@
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2021-45327",
- "title": "Capture-replay in Gitea in code.gitea.io/gitea",
- "summary": "Capture-replay in Gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-08-21T14:30:26Z",
- "updated_at": "2026-03-03T04:52:07.840324Z",
- "official_source_url": "https://github.com/advisories/GHSA-jrpg-35hw-m4p9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-45327",
- "https://blog.gitea.io/2020/03/gitea-1.11.2-is-released",
- "https://github.com/go-gitea/gitea/commit/4cb18601ff33dda5edb47d5b452cc8f2dc39dd67",
- "https://github.com/go-gitea/gitea/commit/6f5656ab0ebec03fe63898208dabc802c4be46ab",
- "https://github.com/go-gitea/gitea/commit/ed664a9e1dae4d4660e60c981173bbc5102e69ea",
- "https://github.com/go-gitea/gitea/pull/10462",
- "https://github.com/go-gitea/gitea/pull/10465",
- "https://github.com/go-gitea/gitea/pull/10582"
- ],
- "aliases": [
- "BIT-gitea-2021-45327",
- "CVE-2021-45327",
- "GHSA-jrpg-35hw-m4p9",
- "GO-2022-0310"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -44555,7 +39756,6 @@
]
},
"reasoning_lines": [
- "Capture-replay in Gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
@@ -44936,55 +40136,7 @@
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline.json"
],
- "advisory_meta": {
- "canonical_id": "gitea--CVE-2021-3382",
- "title": "Buffer Overflow in gitea in code.gitea.io/gitea",
- "summary": "Buffer Overflow in gitea in code.gitea.io/gitea",
- "display_name": "Gitea",
- "system_id": "gitea",
- "category": "platforms",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "published_at": "2024-06-04T15:19:21Z",
- "updated_at": "2026-03-03T04:55:15.307648Z",
- "official_source_url": "https://github.com/advisories/GHSA-9f8c-pfvv-p4gm",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-3382",
- "https://github.com/go-gitea/gitea/pull/14390"
- ],
- "aliases": [
- "BIT-gitea-2021-3382",
- "CVE-2021-3382",
- "GHSA-9f8c-pfvv-p4gm",
- "GO-2024-2757"
- ],
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "browser_evidence": {
- "required": false,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-page.json"
- ]
- }
- },
+ "advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
@@ -45036,7 +40188,6 @@
]
},
"reasoning_lines": [
- "Buffer Overflow in gitea in code.gitea.io/gitea",
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
diff --git a/08-threat-intel/generated/dashboard/summary.json b/08-threat-intel/generated/dashboard/summary.json
index 08ddd48c..a03026be 100644
--- a/08-threat-intel/generated/dashboard/summary.json
+++ b/08-threat-intel/generated/dashboard/summary.json
@@ -1,171 +1,90 @@
{
- "generated_at": "2026-03-18T14:22:56+00:00",
- "advisory_count": 89,
+ "generated_at": "2026-03-18T14:45:55+00:00",
+ "advisory_count": 5,
"run_count": 140,
"statuses": {
- "verified-real": 89
+ "triage-manual": 5
},
"run_statuses": {
"verified-real": 136,
"blocked-artifact": 3,
"triage-manual": 1
},
- "recent_failures": [],
- "systems": [
+ "recent_failures": [
{
- "system_id": "gitea",
- "display_name": "Gitea",
- "total": 37,
- "verified_real": 37,
- "verified_synthetic": 0,
- "blocked": 0,
- "manual": 0,
- "browser_required": 5,
- "browser_present": 33,
- "latest_update": "2026-03-03T04:57:57.697708Z",
- "category": "platforms",
- "tier": "rolling-24m",
- "output_dir": "07-framework-security/platforms/gitea",
- "families": [
- {
- "family": "authz-bypass",
- "total": 3,
- "verified_real": 3,
- "manual": 0
- },
- {
- "family": "file-upload",
- "total": 2,
- "verified_real": 2,
- "manual": 0
- },
- {
- "family": "proxy-boundary",
- "total": 26,
- "verified_real": 26,
- "manual": 0
- },
- {
- "family": "ssrf",
- "total": 1,
- "verified_real": 1,
- "manual": 0
- },
- {
- "family": "xss",
- "total": 5,
- "verified_real": 5,
- "manual": 0
- }
- ]
+ "run_id": null,
+ "advisory_id": "nextjs--CVE-2026-27979",
+ "status": "triage-manual",
+ "title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
+ "blocked_reason": null
},
+ {
+ "run_id": null,
+ "advisory_id": "nextjs--CVE-2026-27980",
+ "status": "triage-manual",
+ "title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
+ "blocked_reason": null
+ },
+ {
+ "run_id": null,
+ "advisory_id": "nextjs--CVE-2026-29057",
+ "status": "triage-manual",
+ "title": "Next.js: HTTP request smuggling in rewrites",
+ "blocked_reason": null
+ },
+ {
+ "run_id": null,
+ "advisory_id": "nextjs--CVE-2026-27978",
+ "status": "triage-manual",
+ "title": "Next.js: null origin can bypass Server Actions CSRF checks",
+ "blocked_reason": null
+ },
+ {
+ "run_id": null,
+ "advisory_id": "nextjs--CVE-2026-27977",
+ "status": "triage-manual",
+ "title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
+ "blocked_reason": null
+ }
+ ],
+ "systems": [
{
"system_id": "nextjs",
"display_name": "Next.js",
- "total": 26,
- "verified_real": 26,
+ "total": 5,
+ "verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
- "manual": 0,
- "browser_required": 2,
- "browser_present": 21,
- "latest_update": "2026-03-13T22:14:13.665535Z",
+ "manual": 5,
+ "browser_required": 0,
+ "browser_present": 0,
+ "latest_update": "2026-03-17T16:31:34.160932Z",
"category": "frameworks",
"tier": "history-full",
"output_dir": "07-framework-security/frameworks/nextjs",
"families": [
- {
- "family": "authz-bypass",
- "total": 2,
- "verified_real": 2,
- "manual": 0
- },
- {
- "family": "deserialization",
- "total": 1,
- "verified_real": 1,
- "manual": 0
- },
{
"family": "proxy-boundary",
- "total": 19,
- "verified_real": 19,
- "manual": 0
+ "total": 4,
+ "verified_real": 0,
+ "manual": 4
},
{
- "family": "ssrf",
- "total": 2,
- "verified_real": 2,
- "manual": 0
- },
- {
- "family": "xss",
- "total": 2,
- "verified_real": 2,
- "manual": 0
- }
- ]
- },
- {
- "system_id": "undici",
- "display_name": "Undici",
- "total": 14,
- "verified_real": 14,
- "verified_synthetic": 0,
- "blocked": 0,
- "manual": 0,
- "browser_required": 0,
- "browser_present": 0,
- "latest_update": "2026-03-14T09:19:54.772219Z",
- "category": "frameworks",
- "tier": "rolling-24m",
- "output_dir": "07-framework-security/frameworks/undici",
- "families": [
- {
- "family": "ssrf",
- "total": 14,
- "verified_real": 14,
- "manual": 0
- }
- ]
- },
- {
- "system_id": "vite",
- "display_name": "Vite",
- "total": 12,
- "verified_real": 12,
- "verified_synthetic": 0,
- "blocked": 0,
- "manual": 0,
- "browser_required": 3,
- "browser_present": 12,
- "latest_update": "2026-02-04T04:37:24.129476Z",
- "category": "frameworks",
- "tier": "history-full",
- "output_dir": "07-framework-security/frameworks/vite",
- "families": [
- {
- "family": "proxy-boundary",
- "total": 11,
- "verified_real": 11,
- "manual": 0
- },
- {
- "family": "xss",
+ "family": "request-smuggling",
"total": 1,
- "verified_real": 1,
- "manual": 0
+ "verified_real": 0,
+ "manual": 1
}
]
}
],
"completeness": {
- "advisory_total": 89,
- "verified_real": 89,
+ "advisory_total": 5,
+ "verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
- "manual": 0,
- "verified_ratio": 100.0,
- "complete": true
+ "manual": 5,
+ "verified_ratio": 0.0,
+ "complete": false
}
}
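Review bot: The regenerated dashboard is internally inconsistent — `advisory_count` drops from 89 to 5 while `run_count` stays 140 and `run_statuses.verified-real` stays 136, so the verified runs now point at advisories that are no longer in the dataset, and `completeness.complete` flips to `false` yet the output is still committed. The same render in latest-ingest.md reports failed source adapters rising from 5 to 29, two of them `AttributeError` and `TypeError` (nextjs, react), which look like adapter code faults rather than transient HTTP failures, and the per-run `advisory_meta` blocks in the first file are emptied to `{}` while `profile_meta` and the run artifact paths are kept. Checking in this output silently rewrites the threat-intel baseline with a degraded ingest; the render step should fail closed instead, with a guard of the shape `if advisory_count < previous_advisory_count or adapter_failures > failure_threshold: abort("ingest degraded; refusing to overwrite dashboard")` (names here are placeholders), and `complete: false` should block publication rather than be recorded. The undici and vite entries also vanish from `systems` although the run counters above still include their bundles, which is the same symptom.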
diff --git a/08-threat-intel/generated/dashboard/systems.json b/08-threat-intel/generated/dashboard/systems.json
index 6eccb339..f491d2f2 100644
--- a/08-threat-intel/generated/dashboard/systems.json
+++ b/08-threat-intel/generated/dashboard/systems.json
@@ -1,147 +1,30 @@
[
- {
- "system_id": "gitea",
- "display_name": "Gitea",
- "total": 37,
- "verified_real": 37,
- "verified_synthetic": 0,
- "blocked": 0,
- "manual": 0,
- "browser_required": 5,
- "browser_present": 33,
- "latest_update": "2026-03-03T04:57:57.697708Z",
- "category": "platforms",
- "tier": "rolling-24m",
- "output_dir": "07-framework-security/platforms/gitea",
- "families": [
- {
- "family": "authz-bypass",
- "total": 3,
- "verified_real": 3,
- "manual": 0
- },
- {
- "family": "file-upload",
- "total": 2,
- "verified_real": 2,
- "manual": 0
- },
- {
- "family": "proxy-boundary",
- "total": 26,
- "verified_real": 26,
- "manual": 0
- },
- {
- "family": "ssrf",
- "total": 1,
- "verified_real": 1,
- "manual": 0
- },
- {
- "family": "xss",
- "total": 5,
- "verified_real": 5,
- "manual": 0
- }
- ]
- },
{
"system_id": "nextjs",
"display_name": "Next.js",
- "total": 26,
- "verified_real": 26,
+ "total": 5,
+ "verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
- "manual": 0,
- "browser_required": 2,
- "browser_present": 21,
- "latest_update": "2026-03-13T22:14:13.665535Z",
+ "manual": 5,
+ "browser_required": 0,
+ "browser_present": 0,
+ "latest_update": "2026-03-17T16:31:34.160932Z",
"category": "frameworks",
"tier": "history-full",
"output_dir": "07-framework-security/frameworks/nextjs",
"families": [
- {
- "family": "authz-bypass",
- "total": 2,
- "verified_real": 2,
- "manual": 0
- },
- {
- "family": "deserialization",
- "total": 1,
- "verified_real": 1,
- "manual": 0
- },
{
"family": "proxy-boundary",
- "total": 19,
- "verified_real": 19,
- "manual": 0
+ "total": 4,
+ "verified_real": 0,
+ "manual": 4
},
{
- "family": "ssrf",
- "total": 2,
- "verified_real": 2,
- "manual": 0
- },
- {
- "family": "xss",
- "total": 2,
- "verified_real": 2,
- "manual": 0
- }
- ]
- },
- {
- "system_id": "undici",
- "display_name": "Undici",
- "total": 14,
- "verified_real": 14,
- "verified_synthetic": 0,
- "blocked": 0,
- "manual": 0,
- "browser_required": 0,
- "browser_present": 0,
- "latest_update": "2026-03-14T09:19:54.772219Z",
- "category": "frameworks",
- "tier": "rolling-24m",
- "output_dir": "07-framework-security/frameworks/undici",
- "families": [
- {
- "family": "ssrf",
- "total": 14,
- "verified_real": 14,
- "manual": 0
- }
- ]
- },
- {
- "system_id": "vite",
- "display_name": "Vite",
- "total": 12,
- "verified_real": 12,
- "verified_synthetic": 0,
- "blocked": 0,
- "manual": 0,
- "browser_required": 3,
- "browser_present": 12,
- "latest_update": "2026-02-04T04:37:24.129476Z",
- "category": "frameworks",
- "tier": "history-full",
- "output_dir": "07-framework-security/frameworks/vite",
- "families": [
- {
- "family": "proxy-boundary",
- "total": 11,
- "verified_real": 11,
- "manual": 0
- },
- {
- "family": "xss",
+ "family": "request-smuggling",
"total": 1,
- "verified_real": 1,
- "manual": 0
+ "verified_real": 0,
+ "manual": 1
}
]
}
diff --git a/08-threat-intel/generated/latest-ingest.md b/08-threat-intel/generated/latest-ingest.md
index 679f4b1f..8df1e2f2 100644
--- a/08-threat-intel/generated/latest-ingest.md
+++ b/08-threat-intel/generated/latest-ingest.md
@@ -1,19 +1,43 @@
# 最新同步摘要
-- 渲染时间: `2026-03-18T14:22:48+00:00`
+- 渲染时间: `2026-03-18T14:45:54+00:00`
- 系统数量: `62`
-- Advisory 数量: `89`
-- 重点 Markdown 数量: `89`
+- Advisory 数量: `5`
+- 重点 Markdown 数量: `5`
- Run Bundle 数量: `89`
-- 新增记录: `0`
+- 新增记录: `5`
- 更新记录: `0`
- Triage 数量: `0`
-- 失败的 source adapter: `5`
+- 失败的 source adapter: `29`
## 失败列表
- drupal::Drupal Security Advisories Site::HTTPError
-- django::Django Security RSS::HTTPError
-- haproxy::HAProxy Security Advisories::HTTPError
- discourse::Discourse Meta Security::HTTPError
-- adobe-commerce::Adobe Security Bulletins::SSLError
+- adobe-commerce::Adobe Security Bulletins::ConnectionError
+- react::GitHub Global Advisories::TypeError
+- nextjs::GitHub Global Advisories::AttributeError
+- vue::GitHub Global Advisories::HTTPError
+- nuxt::GitHub Global Advisories::HTTPError
+- vite::GitHub Global Advisories::HTTPError
+- angular::GitHub Global Advisories::HTTPError
+- sveltekit::GitHub Global Advisories::HTTPError
+- astro::GitHub Global Advisories::HTTPError
+- express::GitHub Global Advisories::HTTPError
+- nestjs::GitHub Global Advisories::HTTPError
+- koa::GitHub Global Advisories::HTTPError
+- fastify::GitHub Global Advisories::HTTPError
+- hapi::GitHub Global Advisories::HTTPError
+- undici::GitHub Global Advisories::HTTPError
+- webpack::GitHub Global Advisories::HTTPError
+- esbuild::GitHub Global Advisories::HTTPError
+- spring-framework::GitHub Global Advisories::HTTPError
+- spring-security::GitHub Global Advisories::HTTPError
+- spring-boot::GitHub Global Advisories::HTTPError
+- laravel::GitHub Global Advisories::HTTPError
+- symfony::GitHub Global Advisories::HTTPError
+- django::Django Security RSS::HTTPError
+- flask::GitHub Global Advisories::HTTPError
+- werkzeug::GitHub Global Advisories::HTTPError
+- rails::GitHub Global Advisories::HTTPError
+- haproxy::HAProxy Security Advisories::HTTPError
diff --git a/08-threat-intel/generated/run-summary.json b/08-threat-intel/generated/run-summary.json
index d8bb51f6..544d6c46 100644
--- a/08-threat-intel/generated/run-summary.json
+++ b/08-threat-intel/generated/run-summary.json
@@ -1,18 +1,44 @@
{
- "generated_at": "2026-03-18T14:22:48+00:00",
+ "generated_at": "2026-03-18T14:45:54+00:00",
"system_count": 62,
- "advisory_count": 89,
- "markdown_count": 89,
- "new_count": 0,
+ "advisory_count": 5,
+ "markdown_count": 5,
+ "new_count": 5,
"updated_count": 0,
- "systems_touched": [],
+ "systems_touched": [
+ "nextjs"
+ ],
"triage_count": 0,
"run_bundle_count": 89,
"failures": [
"drupal::Drupal Security Advisories Site::HTTPError",
- "django::Django Security RSS::HTTPError",
- "haproxy::HAProxy Security Advisories::HTTPError",
"discourse::Discourse Meta Security::HTTPError",
- "adobe-commerce::Adobe Security Bulletins::SSLError"
+ "adobe-commerce::Adobe Security Bulletins::ConnectionError",
+ "react::GitHub Global Advisories::TypeError",
+ "nextjs::GitHub Global Advisories::AttributeError",
+ "vue::GitHub Global Advisories::HTTPError",
+ "nuxt::GitHub Global Advisories::HTTPError",
+ "vite::GitHub Global Advisories::HTTPError",
+ "angular::GitHub Global Advisories::HTTPError",
+ "sveltekit::GitHub Global Advisories::HTTPError",
+ "astro::GitHub Global Advisories::HTTPError",
+ "express::GitHub Global Advisories::HTTPError",
+ "nestjs::GitHub Global Advisories::HTTPError",
+ "koa::GitHub Global Advisories::HTTPError",
+ "fastify::GitHub Global Advisories::HTTPError",
+ "hapi::GitHub Global Advisories::HTTPError",
+ "undici::GitHub Global Advisories::HTTPError",
+ "webpack::GitHub Global Advisories::HTTPError",
+ "esbuild::GitHub Global Advisories::HTTPError",
+ "spring-framework::GitHub Global Advisories::HTTPError",
+ "spring-security::GitHub Global Advisories::HTTPError",
+ "spring-boot::GitHub Global Advisories::HTTPError",
+ "laravel::GitHub Global Advisories::HTTPError",
+ "symfony::GitHub Global Advisories::HTTPError",
+ "django::Django Security RSS::HTTPError",
+ "flask::GitHub Global Advisories::HTTPError",
+ "werkzeug::GitHub Global Advisories::HTTPError",
+ "rails::GitHub Global Advisories::HTTPError",
+ "haproxy::HAProxy Security Advisories::HTTPError"
]
}
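Review bot: The new failures list records `react::GitHub Global Advisories::TypeError` and `nextjs::GitHub Global Advisories::AttributeError`, which are exceptions raised inside the adapter code rather than transport failures like the surrounding `HTTPError` entries, so they indicate an adapter bug (presumably an unexpected response shape) that this run swallowed and recorded as a source failure. In the same run `advisory_count` and `markdown_count` drop from 89 to 5 while `system_count` stays at 62 and 24 of the GitHub Global Advisories adapters fail, so the generated output being committed here reflects an almost entirely failed ingest; the same commit also deletes gitea registry entries that carried `"verification_status": "verified-real"`, which may or may not stem from the same run. I would have the ingest step refuse to rewrite `08-threat-intel/generated/*` and the registry when the failed-adapter ratio exceeds a threshold, and treat non-HTTP exception classes (`TypeError`, `AttributeError`) as pipeline errors that fail the run instead of per-source failures.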
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json b/08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json
deleted file mode 100644
index 28712e48..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json
+++ /dev/null
@@ -1,82 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2018-15192",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
- "summary": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
- "published_at": "2024-08-20T20:32:20Z",
- "updated_at": "2026-03-03T04:54:04.686907Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-fg3x-rwq9-74cw",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2018-15192",
- "https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9",
- "https://github.com/go-gitea/gitea/issues/4624",
- "https://github.com/go-gitea/gitea/pull/17482",
- "https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b",
- "https://github.com/gogs/gogs/issues/5366",
- "https://github.com/gogs/gogs/pull/6002"
- ],
- "aliases": [
- "CVE-2018-15192",
- "GHSA-fg3x-rwq9-74cw",
- "GO-2023-1971"
- ],
- "cve_ids": [
- "CVE-2018-15192"
- ],
- "ghsa_ids": [
- "GHSA-fg3x-rwq9-74cw"
- ],
- "osv_ids": [
- "GO-2023-1971"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.16.0-rc1",
- "introduced=0, fixed<0.12.0"
- ],
- "fixed_versions": [
- "1.16.0-rc1",
- "0.12.0"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "ssrf-url-validation"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:27:54+00:00",
- "last_run_id": "gitea-gitea--CVE-2018-15192-20260318012749",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749",
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": [],
- "baseline_refs": [],
- "proof_refs": [],
- "baseline_title": null,
- "proof_title": null,
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json b/08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json
deleted file mode 100644
index cf734b7e..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json
+++ /dev/null
@@ -1,99 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2018-18926",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
- "summary": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
- "published_at": "2024-08-21T15:29:04Z",
- "updated_at": "2026-03-03T04:52:20.787387Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-hf6f-jq25-8gq9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2018-18926",
- "https://github.com/go-gitea/gitea/commit/aeb5655c25053bdcd7eee94ea37df88468374162",
- "https://github.com/go-gitea/gitea/issues/5140",
- "https://github.com/go-gitea/gitea/pull/5177"
- ],
- "aliases": [
- "CVE-2018-18926",
- "GHSA-hf6f-jq25-8gq9",
- "GO-2022-0844"
- ],
- "cve_ids": [
- "CVE-2018-18926"
- ],
- "ghsa_ids": [
- "GHSA-hf6f-jq25-8gq9"
- ],
- "osv_ids": [
- "GO-2022-0844"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.5.2"
- ],
- "fixed_versions": [
- "1.5.2"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:25:45+00:00",
- "last_run_id": "gitea-gitea--CVE-2018-18926-20260318012526",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526",
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
- ],
- "baseline_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json"
- ],
- "proof_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
- ],
- "baseline_title": "Gitea Proxy Boundary Fixture",
- "proof_title": "Gitea Proxy Boundary Fixture - proof",
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json b/08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json
deleted file mode 100644
index 4007b7e1..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json
+++ /dev/null
@@ -1,98 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2019-1010261",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea XSS Vulnerability in code.gitea.io/gitea",
- "summary": "Gitea XSS Vulnerability in code.gitea.io/gitea",
- "published_at": "2024-08-20T20:31:38Z",
- "updated_at": "2026-03-03T04:53:57.848904Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-5rh7-6gfj-mc87",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2019-1010261",
- "https://github.com/go-gitea/gitea/pull/5905"
- ],
- "aliases": [
- "CVE-2019-1010261",
- "GHSA-5rh7-6gfj-mc87",
- "GO-2023-1922"
- ],
- "cve_ids": [
- "CVE-2019-1010261"
- ],
- "ghsa_ids": [
- "GHSA-5rh7-6gfj-mc87"
- ],
- "osv_ids": [
- "GO-2023-1922"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.7.1"
- ],
- "fixed_versions": [
- "1.7.1"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "xss-output-encoding"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:26:30+00:00",
- "last_run_id": "gitea-gitea--CVE-2019-1010261-20260318012624",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624",
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
- ],
- "baseline_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json"
- ],
- "proof_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
- ],
- "baseline_title": "Gitea Stored XSS Fixture",
- "proof_title": "Gitea Stored XSS Fixture - proof",
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json b/08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json
deleted file mode 100644
index 3db56d73..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json
+++ /dev/null
@@ -1,100 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2020-13246",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Denial of Service in Gitea in code.gitea.io/gitea",
- "summary": "Denial of Service in Gitea in code.gitea.io/gitea",
- "published_at": "2024-08-21T15:29:04Z",
- "updated_at": "2026-03-03T04:52:17.939867Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-g2qx-6ghw-67hm",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2020-13246",
- "https://github.com/go-gitea/gitea/issues/10549",
- "https://github.com/go-gitea/gitea/pull/11438",
- "https://www.youtube.com/watch?v=DmVgADSVS88"
- ],
- "aliases": [
- "BIT-gitea-2020-13246",
- "CVE-2020-13246",
- "GHSA-g2qx-6ghw-67hm",
- "GO-2022-0830"
- ],
- "cve_ids": [
- "CVE-2020-13246"
- ],
- "ghsa_ids": [
- "GHSA-g2qx-6ghw-67hm"
- ],
- "osv_ids": [
- "GO-2022-0830"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.12.0"
- ],
- "fixed_versions": [
- "1.12.0"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:28:13+00:00",
- "last_run_id": "gitea-gitea--CVE-2020-13246-20260318012806",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806",
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
- ],
- "baseline_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json"
- ],
- "proof_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
- ],
- "baseline_title": "Gitea Proxy Boundary Fixture",
- "proof_title": "Gitea Proxy Boundary Fixture - proof",
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json
deleted file mode 100644
index bb27bf4b..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json
+++ /dev/null
@@ -1,102 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2021-28378",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
- "summary": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
- "published_at": "2024-08-21T15:29:04Z",
- "updated_at": "2026-03-03T04:52:18.307544Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-g95p-88p4-76cm",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-28378",
- "https://blog.gitea.io/2021/03/gitea-1.13.4-is-released",
- "https://github.com/PandatiX/CVE-2021-28378",
- "https://github.com/go-gitea/gitea/pull/14898",
- "https://github.com/go-gitea/gitea/pull/14899"
- ],
- "aliases": [
- "BIT-gitea-2021-28378",
- "CVE-2021-28378",
- "GHSA-g95p-88p4-76cm",
- "GO-2022-0832"
- ],
- "cve_ids": [
- "CVE-2021-28378"
- ],
- "ghsa_ids": [
- "GHSA-g95p-88p4-76cm"
- ],
- "osv_ids": [
- "GO-2022-0832"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.13.4"
- ],
- "fixed_versions": [
- "1.13.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "xss-output-encoding"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:28:19+00:00",
- "last_run_id": "gitea-gitea--CVE-2021-28378-20260318012813",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813",
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
- ],
- "baseline_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json"
- ],
- "proof_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
- ],
- "baseline_title": "Gitea Stored XSS Fixture",
- "proof_title": "Gitea Stored XSS Fixture - proof",
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-29134.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-29134.json
deleted file mode 100644
index 8acb5cfb..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2021-29134.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2021-29134",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Path Traversal in Gitea in code.gitea.io/gitea",
- "summary": "Path Traversal in Gitea in code.gitea.io/gitea",
- "published_at": "2024-08-21T14:30:29Z",
- "updated_at": "2026-03-03T04:50:06.638863Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-h3q4-vmw4-cpr5",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-29134",
- "https://github.com/go-gitea/gitea/pull/15125/files",
- "https://github.com/go-gitea/gitea/releases",
- "https://github.com/go-gitea/gitea/releases/tag/v1.13.6"
- ],
- "aliases": [
- "BIT-gitea-2021-29134",
- "CVE-2021-29134",
- "GHSA-h3q4-vmw4-cpr5",
- "GO-2022-0353"
- ],
- "cve_ids": [
- "CVE-2021-29134"
- ],
- "ghsa_ids": [
- "GHSA-h3q4-vmw4-cpr5"
- ],
- "osv_ids": [
- "GO-2022-0353"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.13.6"
- ],
- "fixed_versions": [
- "1.13.6"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "path-traversal-guard"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-3382.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-3382.json
deleted file mode 100644
index 546c6556..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2021-3382.json
+++ /dev/null
@@ -1,69 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2021-3382",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Buffer Overflow in gitea in code.gitea.io/gitea",
- "summary": "Buffer Overflow in gitea in code.gitea.io/gitea",
- "published_at": "2024-06-04T15:19:21Z",
- "updated_at": "2026-03-03T04:55:15.307648Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-9f8c-pfvv-p4gm",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-3382",
- "https://github.com/go-gitea/gitea/pull/14390"
- ],
- "aliases": [
- "BIT-gitea-2021-3382",
- "CVE-2021-3382",
- "GHSA-9f8c-pfvv-p4gm",
- "GO-2024-2757"
- ],
- "cve_ids": [
- "CVE-2021-3382"
- ],
- "ghsa_ids": [
- "GHSA-9f8c-pfvv-p4gm"
- ],
- "osv_ids": [
- "GO-2024-2757"
- ],
- "affected_versions": [
- "introduced=1.9.0, fixed<1.13.2"
- ],
- "fixed_versions": [
- "1.13.2"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-45327.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-45327.json
deleted file mode 100644
index 558d6946..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2021-45327.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2021-45327",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Capture-replay in Gitea in code.gitea.io/gitea",
- "summary": "Capture-replay in Gitea in code.gitea.io/gitea",
- "published_at": "2024-08-21T14:30:26Z",
- "updated_at": "2026-03-03T04:52:07.840324Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-jrpg-35hw-m4p9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-45327",
- "https://blog.gitea.io/2020/03/gitea-1.11.2-is-released",
- "https://github.com/go-gitea/gitea/commit/4cb18601ff33dda5edb47d5b452cc8f2dc39dd67",
- "https://github.com/go-gitea/gitea/commit/6f5656ab0ebec03fe63898208dabc802c4be46ab",
- "https://github.com/go-gitea/gitea/commit/ed664a9e1dae4d4660e60c981173bbc5102e69ea",
- "https://github.com/go-gitea/gitea/pull/10462",
- "https://github.com/go-gitea/gitea/pull/10465",
- "https://github.com/go-gitea/gitea/pull/10582"
- ],
- "aliases": [
- "BIT-gitea-2021-45327",
- "CVE-2021-45327",
- "GHSA-jrpg-35hw-m4p9",
- "GO-2022-0310"
- ],
- "cve_ids": [
- "CVE-2021-45327"
- ],
- "ghsa_ids": [
- "GHSA-jrpg-35hw-m4p9"
- ],
- "osv_ids": [
- "GO-2022-0310"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.11.2"
- ],
- "fixed_versions": [
- "1.11.2"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-45330.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-45330.json
deleted file mode 100644
index 2f01c92b..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2021-45330.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2021-45330",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Improper Privilege Management in Gitea in code.gitea.io/gitea",
- "summary": "Improper Privilege Management in Gitea in code.gitea.io/gitea",
- "published_at": "2024-08-21T16:03:21Z",
- "updated_at": "2026-03-03T04:52:33.136607Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-pg38-r834-g45j",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-45330",
- "https://github.com/go-gitea/gitea/issues/4336",
- "https://github.com/go-gitea/gitea/pull/4840"
- ],
- "aliases": [
- "BIT-gitea-2021-45330",
- "CVE-2021-45330",
- "GHSA-pg38-r834-g45j",
- "GO-2022-0982"
- ],
- "cve_ids": [
- "CVE-2021-45330"
- ],
- "ghsa_ids": [
- "GHSA-pg38-r834-g45j"
- ],
- "osv_ids": [
- "GO-2022-0982"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.6.0"
- ],
- "fixed_versions": [
- "1.6.0"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-45331.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-45331.json
deleted file mode 100644
index bf0b8ede..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2021-45331.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2021-45331",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea",
- "summary": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea",
- "published_at": "2024-08-21T14:30:29Z",
- "updated_at": "2026-03-03T04:52:07.604662Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-hfmf-q69j-6m5p",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-45331",
- "https://blog.gitea.io/2018/08/gitea-1.5.0-is-released",
- "https://github.com/go-gitea/gitea/pull/3878"
- ],
- "aliases": [
- "BIT-gitea-2021-45331",
- "CVE-2021-45331",
- "GHSA-hfmf-q69j-6m5p",
- "GO-2022-0315"
- ],
- "cve_ids": [
- "CVE-2021-45331"
- ],
- "ghsa_ids": [
- "GHSA-hfmf-q69j-6m5p"
- ],
- "osv_ids": [
- "GO-2022-0315"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.5.0"
- ],
- "fixed_versions": [
- "1.5.0"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-0905.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-0905.json
deleted file mode 100644
index 54c35378..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2022-0905.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2022-0905",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea Missing Authorization vulnerability in code.gitea.io/gitea",
- "summary": "Gitea Missing Authorization vulnerability in code.gitea.io/gitea",
- "published_at": "2024-08-21T15:11:40Z",
- "updated_at": "2026-03-03T04:50:45.472605Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-jr9c-h74f-2v28",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-0905",
- "https://github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2",
- "https://github.com/go-gitea/gitea/commit/3e5c844a7758fa29126d201f4f98bf21bca6d314",
- "https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb"
- ],
- "aliases": [
- "BIT-gitea-2022-0905",
- "CVE-2022-0905",
- "GHSA-jr9c-h74f-2v28",
- "GO-2022-0609"
- ],
- "cve_ids": [
- "CVE-2022-0905"
- ],
- "ghsa_ids": [
- "GHSA-jr9c-h74f-2v28"
- ],
- "osv_ids": [
- "GO-2022-0609"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.16.4"
- ],
- "fixed_versions": [
- "1.16.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-1058.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-1058.json
deleted file mode 100644
index 8a333d8c..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2022-1058.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2022-1058",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea Open Redirect in code.gitea.io/gitea",
- "summary": "Gitea Open Redirect in code.gitea.io/gitea",
- "published_at": "2024-06-04T15:19:21Z",
- "updated_at": "2026-03-03T04:51:49.844240Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-4rqq-rxvc-v2rc",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-1058",
- "https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48",
- "https://github.com/go-gitea/gitea/pull/19175",
- "https://github.com/go-gitea/gitea/pull/19186",
- "https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d"
- ],
- "aliases": [
- "BIT-gitea-2022-1058",
- "CVE-2022-1058",
- "GHSA-4rqq-rxvc-v2rc",
- "GO-2024-2752"
- ],
- "cve_ids": [
- "CVE-2022-1058"
- ],
- "ghsa_ids": [
- "GHSA-4rqq-rxvc-v2rc"
- ],
- "osv_ids": [
- "GO-2024-2752"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.16.5"
- ],
- "fixed_versions": [
- "1.16.5"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-1928.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-1928.json
deleted file mode 100644
index 7ec80bcf..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2022-1928.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2022-1928",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Stored Cross-site Scripting in gitea in code.gitea.io/gitea",
- "summary": "Stored Cross-site Scripting in gitea in code.gitea.io/gitea",
- "published_at": "2024-08-21T15:11:40Z",
- "updated_at": "2026-03-03T04:50:45.577318Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-ph3w-2843-72mx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-1928",
- "https://github.com/go-gitea/gitea",
- "https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad50e71024b7529fdf0e3c2e9c",
- "https://github.com/go-gitea/gitea/pull/19825",
- "https://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2",
- "https://security.gentoo.org/glsa/202210-14"
- ],
- "aliases": [
- "BIT-gitea-2022-1928",
- "CVE-2022-1928",
- "GHSA-ph3w-2843-72mx",
- "GO-2022-0612"
- ],
- "cve_ids": [
- "CVE-2022-1928"
- ],
- "ghsa_ids": [
- "GHSA-ph3w-2843-72mx"
- ],
- "osv_ids": [
- "GO-2022-0612"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.16.9"
- ],
- "fixed_versions": [
- "1.16.9"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "xss-output-encoding"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-27313.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-27313.json
deleted file mode 100644
index 24d9200f..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2022-27313.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2022-27313",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Arbitrary file deletion in gitea in code.gitea.io/gitea",
- "summary": "Arbitrary file deletion in gitea in code.gitea.io/gitea",
- "published_at": "2024-08-21T15:11:31Z",
- "updated_at": "2026-03-03T04:50:19.647131Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-g7p7-x6w7-w6qg",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-27313",
- "https://github.com/go-gitea/gitea/pull/19072",
- "https://github.com/go-gitea/gitea/releases/tag/v1.16.4"
- ],
- "aliases": [
- "BIT-gitea-2022-27313",
- "CVE-2022-27313",
- "GHSA-g7p7-x6w7-w6qg",
- "GO-2022-0442"
- ],
- "cve_ids": [
- "CVE-2022-27313"
- ],
- "ghsa_ids": [
- "GHSA-g7p7-x6w7-w6qg"
- ],
- "osv_ids": [
- "GO-2022-0442"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.16.4"
- ],
- "fixed_versions": [
- "1.16.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-30781.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-30781.json
deleted file mode 100644
index f36e7c81..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2022-30781.json
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2022-30781",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Shell command injection in gitea in code.gitea.io/gitea",
- "summary": "Shell command injection in gitea in code.gitea.io/gitea",
- "published_at": "2024-08-21T15:11:31Z",
- "updated_at": "2026-03-03T04:50:23.949796Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-p5f9-c9j9-g8qx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-30781",
- "http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html",
- "http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html",
- "https://blog.gitea.io/2022/05/gitea-1.16.7-is-released",
- "https://github.com/go-gitea/gitea/pull/19487",
- "https://github.com/go-gitea/gitea/pull/19490"
- ],
- "aliases": [
- "BIT-gitea-2022-30781",
- "CVE-2022-30781",
- "GHSA-p5f9-c9j9-g8qx",
- "GO-2022-0450"
- ],
- "cve_ids": [
- "CVE-2022-30781"
- ],
- "ghsa_ids": [
- "GHSA-p5f9-c9j9-g8qx"
- ],
- "osv_ids": [
- "GO-2022-0450"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.16.7"
- ],
- "fixed_versions": [
- "1.16.7"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-38183.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-38183.json
deleted file mode 100644
index 73d5e027..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2022-38183.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2022-38183",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea allowed assignment of private issues in code.gitea.io/gitea",
- "summary": "Gitea allowed assignment of private issues in code.gitea.io/gitea",
- "published_at": "2024-06-10T16:38:54Z",
- "updated_at": "2026-03-03T04:55:04.505871Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-fhv8-m4j4-cww2",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-38183",
- "https://blog.gitea.io/2022/07/gitea-1.16.9-is-released",
- "https://github.com/go-gitea/gitea/pull/20133",
- "https://github.com/go-gitea/gitea/pull/20196",
- "https://herolab.usd.de/security-advisories/usd-2022-0015"
- ],
- "aliases": [
- "BIT-gitea-2022-38183",
- "CVE-2022-38183",
- "GHSA-fhv8-m4j4-cww2",
- "GO-2024-2769"
- ],
- "cve_ids": [
- "CVE-2022-38183"
- ],
- "ghsa_ids": [
- "GHSA-fhv8-m4j4-cww2"
- ],
- "osv_ids": [
- "GO-2024-2769"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.16.9"
- ],
- "fixed_versions": [
- "1.16.9"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-38795.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-38795.json
deleted file mode 100644
index 34ab4646..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2022-38795.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2022-38795",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea erroneous repo clones in code.gitea.io/gitea",
- "summary": "Gitea erroneous repo clones in code.gitea.io/gitea",
- "published_at": "2024-08-21T14:17:52Z",
- "updated_at": "2026-03-03T04:54:07.076900Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-8j3v-68w3-3848",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-38795",
- "https://blog.gitea.com/release-of-1.17.2",
- "https://github.com/go-gitea/gitea/pull/20869",
- "https://github.com/go-gitea/gitea/pull/20892"
- ],
- "aliases": [
- "BIT-gitea-2022-38795",
- "CVE-2022-38795",
- "GHSA-8j3v-68w3-3848",
- "GO-2023-1999"
- ],
- "cve_ids": [
- "CVE-2022-38795"
- ],
- "ghsa_ids": [
- "GHSA-8j3v-68w3-3848"
- ],
- "osv_ids": [
- "GO-2023-1999"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.17.2"
- ],
- "fixed_versions": [
- "1.17.2"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-42968.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-42968.json
deleted file mode 100644
index 527b3654..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2022-42968.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2022-42968",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea vulnerable to Argument Injection in code.gitea.io/gitea",
- "summary": "Gitea vulnerable to Argument Injection in code.gitea.io/gitea",
- "published_at": "2024-08-21T16:03:24Z",
- "updated_at": "2026-03-03T04:52:41.181693Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-w8xw-7crf-h23x",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-42968",
- "https://github.com/go-gitea/gitea/pull/21463",
- "https://github.com/go-gitea/gitea/releases/tag/v1.17.3",
- "https://security.gentoo.org/glsa/202210-14"
- ],
- "aliases": [
- "BIT-gitea-2022-42968",
- "CVE-2022-42968",
- "GHSA-w8xw-7crf-h23x",
- "GO-2022-1065"
- ],
- "cve_ids": [
- "CVE-2022-42968"
- ],
- "ghsa_ids": [
- "GHSA-w8xw-7crf-h23x"
- ],
- "osv_ids": [
- "GO-2022-1065"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.17.3"
- ],
- "fixed_versions": [
- "1.17.3"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68938.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68938.json
deleted file mode 100644
index 8102e7f2..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68938.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2025-68938",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea",
- "summary": "Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:49.095775Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-cm54-pfmc-xrwx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68938",
- "https://blog.gitea.com/release-of-1.25.2",
- "https://github.com/go-gitea/gitea/pull/36002/commits/d4262131b39899d9e9ee5caa2635c810d476e43f#diff-8962bac89952027d50fa51f31f59d65bedb4c02bde0265eced5cf256cbed306d",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.2"
- ],
- "aliases": [
- "BIT-gitea-2025-68938",
- "CVE-2025-68938",
- "GHSA-cm54-pfmc-xrwx",
- "GO-2025-4258"
- ],
- "cve_ids": [
- "CVE-2025-68938"
- ],
- "ghsa_ids": [
- "GHSA-cm54-pfmc-xrwx"
- ],
- "osv_ids": [
- "GO-2025-4258"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.25.2"
- ],
- "fixed_versions": [
- "1.25.2"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json
deleted file mode 100644
index 962692c9..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2025-68939",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
- "summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:48.777563Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
- "https://blog.gitea.com/release-of-1.23.0",
- "https://github.com/go-gitea/gitea/pull/32151",
- "https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
- ],
- "aliases": [
- "BIT-gitea-2025-68939",
- "CVE-2025-68939",
- "GHSA-263q-5cv3-xq9g",
- "GO-2025-4261"
- ],
- "cve_ids": [
- "CVE-2025-68939"
- ],
- "ghsa_ids": [
- "GHSA-263q-5cv3-xq9g"
- ],
- "osv_ids": [
- "GO-2025-4261"
- ],
- "affected_versions": [
- "introduced=0"
- ],
- "fixed_versions": null,
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "plugin-extension-trust-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "blocked-artifact",
- "verification_mode": "real",
- "last_verified_at": "2026-03-17T07:02:56+00:00",
- "last_run_id": "gitea-livecheck-20260316",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
- "browser_evidence": {
- "required": true,
- "present": false,
- "refs": [],
- "baseline_refs": [],
- "proof_refs": [],
- "baseline_title": null,
- "proof_title": null
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "official-image",
- "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json
deleted file mode 100644
index b62dccc5..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json
+++ /dev/null
@@ -1,77 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2025-68940",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
- "summary": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:50.087298Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-rrcw-5rjv-vj26",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68940",
- "https://blog.gitea.com/release-of-1.22.5",
- "https://github.com/go-gitea/gitea/pull/32654",
- "https://github.com/go-gitea/gitea/releases/tag/v1.22.5"
- ],
- "aliases": [
- "BIT-gitea-2025-68940",
- "CVE-2025-68940",
- "GHSA-rrcw-5rjv-vj26",
- "GO-2025-4267"
- ],
- "cve_ids": [
- "CVE-2025-68940"
- ],
- "ghsa_ids": [
- "GHSA-rrcw-5rjv-vj26"
- ],
- "osv_ids": [
- "GO-2025-4267"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.22.5"
- ],
- "fixed_versions": [
- "1.22.5"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:27:12+00:00",
- "last_run_id": "gitea-gitea--CVE-2025-68940-20260318012708",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708",
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": [],
- "baseline_refs": [],
- "proof_refs": [],
- "baseline_title": null,
- "proof_title": null,
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68941.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68941.json
deleted file mode 100644
index 5792b92a..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68941.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2025-68941",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea",
- "summary": "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:50.339953Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-xfq3-qj7j-4565",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68941",
- "https://blog.gitea.com/release-of-1.22.3",
- "https://github.com/go-gitea/gitea/pull/32218",
- "https://github.com/go-gitea/gitea/releases/tag/v1.22.3"
- ],
- "aliases": [
- "BIT-gitea-2025-68941",
- "CVE-2025-68941",
- "GHSA-xfq3-qj7j-4565",
- "GO-2025-4268"
- ],
- "cve_ids": [
- "CVE-2025-68941"
- ],
- "ghsa_ids": [
- "GHSA-xfq3-qj7j-4565"
- ],
- "osv_ids": [
- "GO-2025-4268"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.22.3"
- ],
- "fixed_versions": [
- "1.22.3"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68942.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68942.json
deleted file mode 100644
index 1e386e6c..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68942.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2025-68942",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea",
- "summary": "Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:49.781753Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-898p-hh3p-hf9r",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68942",
- "https://blog.gitea.com/release-of-1.22.2",
- "https://github.com/go-gitea/gitea/pull/31966",
- "https://github.com/go-gitea/gitea/releases/tag/v1.22.2"
- ],
- "aliases": [
- "BIT-gitea-2025-68942",
- "CVE-2025-68942",
- "GHSA-898p-hh3p-hf9r",
- "GO-2025-4263"
- ],
- "cve_ids": [
- "CVE-2025-68942"
- ],
- "ghsa_ids": [
- "GHSA-898p-hh3p-hf9r"
- ],
- "osv_ids": [
- "GO-2025-4263"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.22.2"
- ],
- "fixed_versions": [
- "1.22.2"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "xss-output-encoding"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68943.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68943.json
deleted file mode 100644
index 4a49e70b..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68943.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2025-68943",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea",
- "summary": "Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:49.213758Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-jhx5-4vr4-f327",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68943",
- "https://blog.gitea.com/release-of-1.21.8-and-1.21.9-and-1.21.10",
- "https://github.com/go-gitea/gitea/pull/29430",
- "https://github.com/go-gitea/gitea/releases/tag/v1.21.8"
- ],
- "aliases": [
- "BIT-gitea-2025-68943",
- "CVE-2025-68943",
- "GHSA-jhx5-4vr4-f327",
- "GO-2025-4266"
- ],
- "cve_ids": [
- "CVE-2025-68943"
- ],
- "ghsa_ids": [
- "GHSA-jhx5-4vr4-f327"
- ],
- "osv_ids": [
- "GO-2025-4266"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.21.8"
- ],
- "fixed_versions": [
- "1.21.8"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68944.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68944.json
deleted file mode 100644
index eeb8c065..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68944.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2025-68944",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea",
- "summary": "Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:50.526913Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-f85h-c7m6-cfpm",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68944",
- "https://blog.gitea.com/release-of-1.22.2",
- "https://github.com/go-gitea/gitea/pull/31967",
- "https://github.com/go-gitea/gitea/releases/tag/v1.22.2"
- ],
- "aliases": [
- "BIT-gitea-2025-68944",
- "CVE-2025-68944",
- "GHSA-f85h-c7m6-cfpm",
- "GO-2025-4264"
- ],
- "cve_ids": [
- "CVE-2025-68944"
- ],
- "ghsa_ids": [
- "GHSA-f85h-c7m6-cfpm"
- ],
- "osv_ids": [
- "GO-2025-4264"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.22.2"
- ],
- "fixed_versions": [
- "1.22.2"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "dependency-upgrade-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68945.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68945.json
deleted file mode 100644
index c9938c50..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68945.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2025-68945",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea: anonymous user can visit private user's project in code.gitea.io/gitea",
- "summary": "Gitea: anonymous user can visit private user's project in code.gitea.io/gitea",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:51.457970Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-7xq4-mwcp-q8fx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68945",
- "https://blog.gitea.com/release-of-1.21.2",
- "https://github.com/go-gitea/gitea/pull/28423",
- "https://github.com/go-gitea/gitea/releases/tag/v1.21.2"
- ],
- "aliases": [
- "BIT-gitea-2025-68945",
- "CVE-2025-68945",
- "GHSA-7xq4-mwcp-q8fx",
- "GO-2025-4262"
- ],
- "cve_ids": [
- "CVE-2025-68945"
- ],
- "ghsa_ids": [
- "GHSA-7xq4-mwcp-q8fx"
- ],
- "osv_ids": [
- "GO-2025-4262"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.21.2"
- ],
- "fixed_versions": [
- "1.21.2"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68946.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68946.json
deleted file mode 100644
index 0e9379e6..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68946.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2025-68946",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea",
- "summary": "Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea",
- "published_at": "2025-12-30T01:49:57Z",
- "updated_at": "2026-03-03T04:57:50.473303Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-hq57-c72x-4774",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-68946",
- "https://blog.gitea.com/release-of-1.20.1",
- "https://github.com/go-gitea/gitea/pull/25960",
- "https://github.com/go-gitea/gitea/releases/tag/v1.20.1"
- ],
- "aliases": [
- "BIT-gitea-2025-68946",
- "CVE-2025-68946",
- "GHSA-hq57-c72x-4774",
- "GO-2025-4265"
- ],
- "cve_ids": [
- "CVE-2025-68946"
- ],
- "ghsa_ids": [
- "GHSA-hq57-c72x-4774"
- ],
- "osv_ids": [
- "GO-2025-4265"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.20.1"
- ],
- "fixed_versions": [
- "1.20.1"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "xss-output-encoding"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-69413.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-69413.json
deleted file mode 100644
index 9daf5e8c..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-69413.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2025-69413",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea",
- "summary": "Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea",
- "published_at": "2026-01-12T17:39:39Z",
- "updated_at": "2026-03-03T04:57:49.801641Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-pc73-rj2c-wvf9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-69413",
- "https://blog.gitea.com/release-of-1.25.2",
- "https://github.com/go-gitea/gitea/issues/35984",
- "https://github.com/go-gitea/gitea/pull/36002",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.2"
- ],
- "aliases": [
- "BIT-gitea-2025-69413",
- "CVE-2025-69413",
- "GHSA-pc73-rj2c-wvf9",
- "GO-2026-4274"
- ],
- "cve_ids": [
- "CVE-2025-69413"
- ],
- "ghsa_ids": [
- "GHSA-pc73-rj2c-wvf9"
- ],
- "osv_ids": [
- "GO-2026-4274"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.25.2"
- ],
- "fixed_versions": [
- "1.25.2"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-0798.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-0798.json
deleted file mode 100644
index b7c40c26..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2026-0798.json
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2026-0798",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea",
- "summary": "Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:54.518308Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-8fwc-qjw5-rvgp",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-0798",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/pull/36319",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-0798",
- "CVE-2026-0798",
- "GHSA-8fwc-qjw5-rvgp",
- "GHSA-f4wq-6ww5-m56p",
- "GO-2026-4365"
- ],
- "cve_ids": [
- "CVE-2026-0798"
- ],
- "ghsa_ids": [
- "GHSA-8fwc-qjw5-rvgp",
- "GHSA-f4wq-6ww5-m56p"
- ],
- "osv_ids": [
- "GO-2026-4365"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.25.4"
- ],
- "fixed_versions": [
- "1.25.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20736.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20736.json
deleted file mode 100644
index d74b4c36..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20736.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2026-20736",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea has improper access control for uploaded attachments in code.gitea.io/gitea",
- "summary": "Gitea has improper access control for uploaded attachments in code.gitea.io/gitea",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:53.977351Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-hgr3-x44x-33hx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20736",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/fbea2c68e8df11cfa94e8ead913b79946780ed30",
- "https://github.com/go-gitea/gitea/pull/36320",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20736",
- "CVE-2026-20736",
- "GHSA-hgr3-x44x-33hx",
- "GHSA-jr6h-pwwp-c8g6",
- "GO-2026-4367"
- ],
- "cve_ids": [
- "CVE-2026-20736"
- ],
- "ghsa_ids": [
- "GHSA-hgr3-x44x-33hx",
- "GHSA-jr6h-pwwp-c8g6"
- ],
- "osv_ids": [
- "GO-2026-4367"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.25.4"
- ],
- "fixed_versions": [
- "1.25.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary",
- "file-upload-validation"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20750.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20750.json
deleted file mode 100644
index d459c48b..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20750.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2026-20750",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea",
- "summary": "Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:57.697708Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-rw22-5hhq-pfpf",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20750",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/7b5de594cd92e30b9c3d40ffda119acad794cc64",
- "https://github.com/go-gitea/gitea/pull/36318",
- "https://github.com/go-gitea/gitea/pull/36373",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20750",
- "CVE-2026-20750",
- "GHSA-h4fh-pc4w-8w27",
- "GHSA-rw22-5hhq-pfpf",
- "GO-2026-4370"
- ],
- "cve_ids": [
- "CVE-2026-20750"
- ],
- "ghsa_ids": [
- "GHSA-h4fh-pc4w-8w27",
- "GHSA-rw22-5hhq-pfpf"
- ],
- "osv_ids": [
- "GO-2026-4370"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.25.4"
- ],
- "fixed_versions": [
- "1.25.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20800.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20800.json
deleted file mode 100644
index 7c7db458..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20800.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2026-20800",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea",
- "summary": "Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:54.012782Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-2vgv-hgv4-22mh",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20800",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/67e75f30a83d2523cedc37ad7b03bcba66947833",
- "https://github.com/go-gitea/gitea/pull/36339",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20800",
- "CVE-2026-20800",
- "GHSA-2vgv-hgv4-22mh",
- "GHSA-g54m-9f6g-wj7q",
- "GO-2026-4362"
- ],
- "cve_ids": [
- "CVE-2026-20800"
- ],
- "ghsa_ids": [
- "GHSA-2vgv-hgv4-22mh",
- "GHSA-g54m-9f6g-wj7q"
- ],
- "osv_ids": [
- "GO-2026-4362"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.25.4"
- ],
- "fixed_versions": [
- "1.25.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20883.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20883.json
deleted file mode 100644
index fa2ecffc..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20883.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2026-20883",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea",
- "summary": "Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:54.692700Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-j8xr-c56q-m8jj",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20883",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/95ea2df00a70176c516b12f3cfee8c84a310280f",
- "https://github.com/go-gitea/gitea/pull/36340",
- "https://github.com/go-gitea/gitea/pull/36368",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20883",
- "CVE-2026-20883",
- "GHSA-644v-xv3j-xgqg",
- "GHSA-j8xr-c56q-m8jj",
- "GO-2026-4368"
- ],
- "cve_ids": [
- "CVE-2026-20883"
- ],
- "ghsa_ids": [
- "GHSA-644v-xv3j-xgqg",
- "GHSA-j8xr-c56q-m8jj"
- ],
- "osv_ids": [
- "GO-2026-4368"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.25.4"
- ],
- "fixed_versions": [
- "1.25.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20888.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20888.json
deleted file mode 100644
index 0d6f0210..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20888.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2026-20888",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea",
- "summary": "Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:56.025932Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-9cgq-wp42-4rpq",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20888",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/pull/36341",
- "https://github.com/go-gitea/gitea/pull/36356",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20888",
- "CVE-2026-20888",
- "GHSA-9cgq-wp42-4rpq",
- "GHSA-ccq9-c5hv-cf64",
- "GO-2026-4366"
- ],
- "cve_ids": [
- "CVE-2026-20888"
- ],
- "ghsa_ids": [
- "GHSA-9cgq-wp42-4rpq",
- "GHSA-ccq9-c5hv-cf64"
- ],
- "osv_ids": [
- "GO-2026-4366"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.25.4"
- ],
- "fixed_versions": [
- "1.25.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20897.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20897.json
deleted file mode 100644
index d10991db..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20897.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2026-20897",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea",
- "summary": "Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:55.339967Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-393c-qgvj-3xph",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20897",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/da036f3f35ca830b22cf4480912ed261303b798f",
- "https://github.com/go-gitea/gitea/pull/36344",
- "https://github.com/go-gitea/gitea/pull/36349",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20897",
- "CVE-2026-20897",
- "GHSA-393c-qgvj-3xph",
- "GHSA-rrq5-r9h5-pc7c",
- "GO-2026-4363"
- ],
- "cve_ids": [
- "CVE-2026-20897"
- ],
- "ghsa_ids": [
- "GHSA-393c-qgvj-3xph",
- "GHSA-rrq5-r9h5-pc7c"
- ],
- "osv_ids": [
- "GO-2026-4363"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.25.4"
- ],
- "fixed_versions": [
- "1.25.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20904.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20904.json
deleted file mode 100644
index 8adbdafc..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20904.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2026-20904",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea",
- "summary": "Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:54.244003Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-qqgv-v353-cv8p",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20904",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/ed5720af2ac94d74f822721c05b42b6148ff9c22",
- "https://github.com/go-gitea/gitea/pull/36346",
- "https://github.com/go-gitea/gitea/pull/36361",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20904",
- "CVE-2026-20904",
- "GHSA-jrpc-w85r-hgqx",
- "GHSA-qqgv-v353-cv8p",
- "GO-2026-4369"
- ],
- "cve_ids": [
- "CVE-2026-20904"
- ],
- "ghsa_ids": [
- "GHSA-jrpc-w85r-hgqx",
- "GHSA-qqgv-v353-cv8p"
- ],
- "osv_ids": [
- "GO-2026-4369"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.25.4"
- ],
- "fixed_versions": [
- "1.25.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20912.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20912.json
deleted file mode 100644
index 312bb61f..00000000
--- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20912.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "canonical_id": "gitea--CVE-2026-20912",
- "system_id": "gitea",
- "display_name": "Gitea",
- "category": "platforms",
- "advisory_mode": "core",
- "title": "Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea",
- "summary": "Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea",
- "published_at": "2026-02-02T21:05:55Z",
- "updated_at": "2026-03-03T04:57:55.747880Z",
- "severity": "unknown",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/advisories/GHSA-4xx9-vc8v-87hv",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-20912",
- "https://blog.gitea.com/release-of-1.25.4",
- "https://github.com/go-gitea/gitea/commit/fbea2c68e8df11cfa94e8ead913b79946780ed30",
- "https://github.com/go-gitea/gitea/pull/36320",
- "https://github.com/go-gitea/gitea/pull/36355",
- "https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
- ],
- "aliases": [
- "BIT-gitea-2026-20912",
- "CVE-2026-20912",
- "GHSA-4xx9-vc8v-87hv",
- "GHSA-vfmv-f93v-37mw",
- "GO-2026-4364"
- ],
- "cve_ids": [
- "CVE-2026-20912"
- ],
- "ghsa_ids": [
- "GHSA-4xx9-vc8v-87hv",
- "GHSA-vfmv-f93v-37mw"
- ],
- "osv_ids": [
- "GO-2026-4364"
- ],
- "affected_versions": [
- "introduced=0, fixed<1.25.4"
- ],
- "fixed_versions": [
- "1.25.4"
- ],
- "package_name": "code.gitea.io/gitea",
- "render_markdown": true,
- "case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "token-cookie-storage",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "gitea-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json b/08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json
deleted file mode 100644
index 7690c5cf..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json
+++ /dev/null
@@ -1,95 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2020-15242",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Open Redirect in Next.js versions",
- "summary": "Open Redirect in Next.js versions",
- "published_at": "2020-10-08T19:28:07Z",
- "updated_at": "2026-03-13T22:14:13.665535Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2020-15242",
- "https://github.com/vercel/next.js",
- "https://github.com/zeit/next.js/releases/tag/v9.5.4"
- ],
- "aliases": [
- "CVE-2020-15242",
- "GHSA-x56p-c8cg-q435"
- ],
- "cve_ids": [
- "CVE-2020-15242"
- ],
- "ghsa_ids": [
- "GHSA-x56p-c8cg-q435"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=9.5.0, fixed<9.5.4"
- ],
- "fixed_versions": [
- "9.5.4"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:28:37+00:00",
- "last_run_id": "nextjs-nextjs--CVE-2020-15242-20260318012830",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830",
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
- ],
- "baseline_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json"
- ],
- "proof_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
- ],
- "baseline_title": "Next.js Proxy Boundary Fixture",
- "proof_title": "Next.js Proxy Boundary Fixture - proof",
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2020-5284.json b/08-threat-intel/registry/advisories/nextjs--CVE-2020-5284.json
deleted file mode 100644
index b1f02379..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2020-5284.json
+++ /dev/null
@@ -1,67 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2020-5284",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Directory Traversal in Next.js",
- "summary": "Directory Traversal in Next.js",
- "published_at": "2020-03-30T20:40:50Z",
- "updated_at": "2025-09-26T17:49:56Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2020-5284",
- "https://github.com/zeit/next.js/releases/tag/v9.3.2",
- "https://www.npmjs.com/advisories/1503"
- ],
- "aliases": [
- "CVE-2020-5284",
- "GHSA-fq77-7p7r-83rj"
- ],
- "cve_ids": [
- "CVE-2020-5284"
- ],
- "ghsa_ids": [
- "GHSA-fq77-7p7r-83rj"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0.9.9, fixed<9.3.2"
- ],
- "fixed_versions": [
- "9.3.2"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "path-traversal-guard"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2021-37699.json b/08-threat-intel/registry/advisories/nextjs--CVE-2021-37699.json
deleted file mode 100644
index a3b5b685..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2021-37699.json
+++ /dev/null
@@ -1,67 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2021-37699",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Open Redirect in Next.js",
- "summary": "Open Redirect in Next.js",
- "published_at": "2021-08-12T14:51:14Z",
- "updated_at": "2026-03-13T22:00:08.038285Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5-wxwp-m7g9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-37699",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v11.1.0"
- ],
- "aliases": [
- "CVE-2021-37699",
- "GHSA-vxf5-wxwp-m7g9"
- ],
- "cve_ids": [
- "CVE-2021-37699"
- ],
- "ghsa_ids": [
- "GHSA-vxf5-wxwp-m7g9"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0.9.9, fixed<11.1.0"
- ],
- "fixed_versions": [
- "11.1.0"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2021-39178.json b/08-threat-intel/registry/advisories/nextjs--CVE-2021-39178.json
deleted file mode 100644
index 5e6d7350..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2021-39178.json
+++ /dev/null
@@ -1,98 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2021-39178",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "XSS in Image Optimization API for Next.js",
- "summary": "XSS in Image Optimization API for Next.js",
- "published_at": "2021-09-01T18:24:22Z",
- "updated_at": "2026-03-13T22:00:20.154452Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3-7897-pp7m",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-39178",
- "https://github.com/vercel/next.js/pull/28620",
- "https://github.com/vercel/next.js/commit/7afc97c5744b38bdf36aa7f87625f438224688aa",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v11.1.1"
- ],
- "aliases": [
- "CVE-2021-39178",
- "GHSA-9gr3-7897-pp7m"
- ],
- "cve_ids": [
- "CVE-2021-39178"
- ],
- "ghsa_ids": [
- "GHSA-9gr3-7897-pp7m"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=10.0.0, fixed<11.1.1"
- ],
- "fixed_versions": [
- "11.1.1"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "xss-output-encoding"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:30:38+00:00",
- "last_run_id": "nextjs-nextjs--CVE-2021-39178-20260318013032",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032",
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-page.json"
- ],
- "baseline_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/baseline-page.json"
- ],
- "proof_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/logs/proof-page.json"
- ],
- "baseline_title": "Next.js XSS Fixture",
- "proof_title": "Next.js XSS Fixture - proof",
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2021-43803.json b/08-threat-intel/registry/advisories/nextjs--CVE-2021-43803.json
deleted file mode 100644
index c595f6f0..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2021-43803.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2021-43803",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Unexpected server crash in Next.js.",
- "summary": "Unexpected server crash in Next.js.",
- "published_at": "2021-12-07T21:12:09Z",
- "updated_at": "2026-03-13T22:00:36.554552Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2021-43803",
- "https://github.com/vercel/next.js/pull/32080",
- "https://github.com/vercel/next.js/commit/6d98b4fb4315dec1badecf0e9bdc212a4272b264",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v11.1.3",
- "https://github.com/vercel/next.js/releases/v12.0.5"
- ],
- "aliases": [
- "CVE-2021-43803",
- "GHSA-25mp-g6fv-mqxx"
- ],
- "cve_ids": [
- "CVE-2021-43803"
- ],
- "ghsa_ids": [
- "GHSA-25mp-g6fv-mqxx"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=12.0.0, fixed<12.0.5",
- "introduced=0.9.9, fixed<11.1.3"
- ],
- "fixed_versions": [
- "12.0.5",
- "11.1.3"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json
deleted file mode 100644
index 6fbd3ad8..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2024-34351",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js Server-Side Request Forgery in Server Actions",
- "summary": "Next.js Server-Side Request Forgery in Server Actions",
- "published_at": "2024-05-09T21:18:57Z",
- "updated_at": "2026-02-04T03:32:36.434669Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-34351",
- "https://github.com/vercel/next.js/pull/62561",
- "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
- "https://github.com/vercel/next.js"
- ],
- "aliases": [
- "CVE-2024-34351",
- "GHSA-fr5h-rqp8-mj6g"
- ],
- "cve_ids": [
- "CVE-2024-34351"
- ],
- "ghsa_ids": [
- "GHSA-fr5h-rqp8-mj6g"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=13.4.0, fixed<14.1.1"
- ],
- "fixed_versions": [
- "14.1.1"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "ssrf-url-validation"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:29:57+00:00",
- "last_run_id": "nextjs-nextjs--CVE-2024-34351-20260318012953",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953",
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": [],
- "baseline_refs": [],
- "proof_refs": [],
- "baseline_title": null,
- "proof_title": null,
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-46982.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-46982.json
deleted file mode 100644
index 28022d1c..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-46982.json
+++ /dev/null
@@ -1,69 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2024-46982",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js Cache Poisoning",
- "summary": "Next.js Cache Poisoning",
- "published_at": "2024-09-17T21:58:09Z",
- "updated_at": "2026-02-04T03:45:33.402195Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
- "https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
- "https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
- "https://github.com/vercel/next.js"
- ],
- "aliases": [
- "CVE-2024-46982",
- "GHSA-gp8f-8m3g-qvj9"
- ],
- "cve_ids": [
- "CVE-2024-46982"
- ],
- "ghsa_ids": [
- "GHSA-gp8f-8m3g-qvj9"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=13.5.1, fixed<13.5.7",
- "introduced=14.0.0, fixed<14.2.10"
- ],
- "fixed_versions": [
- "13.5.7",
- "14.2.10"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-47831.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-47831.json
deleted file mode 100644
index ebd684b0..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-47831.json
+++ /dev/null
@@ -1,66 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2024-47831",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Denial of Service condition in Next.js image optimization",
- "summary": "Denial of Service condition in Next.js image optimization",
- "published_at": "2024-10-14T19:45:21Z",
- "updated_at": "2026-02-04T03:25:43.295558Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-47831",
- "https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a",
- "https://github.com/vercel/next.js"
- ],
- "aliases": [
- "CVE-2024-47831",
- "GHSA-g77x-44xx-532m"
- ],
- "cve_ids": [
- "CVE-2024-47831"
- ],
- "ghsa_ids": [
- "GHSA-g77x-44xx-532m"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=10.0.0, fixed<14.2.7"
- ],
- "fixed_versions": [
- "14.2.7"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json
deleted file mode 100644
index e8e5360b..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2024-51479",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js authorization bypass vulnerability",
- "summary": "Next.js authorization bypass vulnerability",
- "published_at": "2024-12-17T15:09:06Z",
- "updated_at": "2025-09-10T21:12:24Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
- "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v14.2.15"
- ],
- "aliases": [
- "CVE-2024-51479",
- "GHSA-7gfc-8cq8-jh5f"
- ],
- "cve_ids": [
- "CVE-2024-51479"
- ],
- "ghsa_ids": [
- "GHSA-7gfc-8cq8-jh5f"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=9.5.5, fixed<14.2.15"
- ],
- "fixed_versions": [
- "14.2.15"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:29:17+00:00",
- "last_run_id": "nextjs-nextjs--CVE-2024-51479-20260318012913",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913",
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": [],
- "baseline_refs": [],
- "proof_refs": [],
- "baseline_title": null,
- "proof_title": null,
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-56332.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-56332.json
deleted file mode 100644
index 89a918cc..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-56332.json
+++ /dev/null
@@ -1,69 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2024-56332",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js Allows a Denial of Service (DoS) with Server Actions",
- "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
- "published_at": "2025-01-03T20:19:29Z",
- "updated_at": "2026-02-04T04:36:04.252972Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
- "https://github.com/vercel/next.js"
- ],
- "aliases": [
- "CVE-2024-56332",
- "GHSA-7m27-7ghc-44w9"
- ],
- "cve_ids": [
- "CVE-2024-56332"
- ],
- "ghsa_ids": [
- "GHSA-7m27-7ghc-44w9"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=13.0.0, fixed<13.5.8",
- "introduced=14.0.0, fixed<14.2.21",
- "introduced=15.0.0, fixed<15.1.2"
- ],
- "fixed_versions": [
- "13.5.8",
- "14.2.21",
- "15.1.2"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json
deleted file mode 100644
index b644bef7..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2025-29927",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Authorization Bypass in Next.js Middleware",
- "summary": "Authorization Bypass in Next.js Middleware",
- "published_at": "2025-03-21T15:20:12Z",
- "updated_at": "2026-03-04T15:06:29.993197Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-29927",
- "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
- "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v12.3.5",
- "https://github.com/vercel/next.js/releases/tag/v13.5.9",
- "https://security.netapp.com/advisory/ntap-20250328-0002",
- "https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware",
- "http://www.openwall.com/lists/oss-security/2025/03/23/3",
- "http://www.openwall.com/lists/oss-security/2025/03/23/4"
- ],
- "aliases": [
- "CVE-2025-29927",
- "GHSA-f82v-jwr5-mffw"
- ],
- "cve_ids": [
- "CVE-2025-29927"
- ],
- "ghsa_ids": [
- "GHSA-f82v-jwr5-mffw"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=13.0.0, fixed<13.5.9",
- "introduced=14.0.0, fixed<14.2.25",
- "introduced=15.0.0, fixed<15.2.3",
- "introduced=12.0.0, fixed<12.3.5"
- ],
- "fixed_versions": [
- "13.5.9",
- "14.2.25",
- "15.2.3",
- "12.3.5"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "real",
- "last_verified_at": "2026-03-17T06:30:47+00:00",
- "last_run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047",
- "browser_evidence": null,
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "official-source",
- "blocked_reason": "dry-run only",
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-30218.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-30218.json
deleted file mode 100644
index 7e6576df..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-30218.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2025-30218",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js may leak x-middleware-subrequest-id to external hosts",
- "summary": "Next.js may leak x-middleware-subrequest-id to external hosts",
- "published_at": "2025-04-02T22:35:37Z",
- "updated_at": "2025-10-13T15:35:50Z",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-223j-4rm8-mrmf",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-30218",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-30218-5DREmEH765PoeAsrNNQj3O"
- ],
- "aliases": [
- "CVE-2025-30218",
- "GHSA-223j-4rm8-mrmf"
- ],
- "cve_ids": [
- "CVE-2025-30218"
- ],
- "ghsa_ids": [
- "GHSA-223j-4rm8-mrmf"
- ],
- "osv_ids": [],
- "affected_versions": [
- "12.3.5",
- "13.5.9",
- "14.2.25",
- "15.2.3",
- "introduced=12.3.5, fixed<12.3.6",
- "introduced=13.5.9, fixed<13.5.10",
- "introduced=14.2.25, fixed<14.2.26",
- "introduced=15.2.3, fixed<15.2.4"
- ],
- "fixed_versions": [
- "12.3.6",
- "13.5.10",
- "14.2.26",
- "15.2.4"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-32421.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-32421.json
deleted file mode 100644
index ddfd23a7..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-32421.json
+++ /dev/null
@@ -1,68 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2025-32421",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js Race Condition to Cache Poisoning",
- "summary": "Next.js Race Condition to Cache Poisoning",
- "published_at": "2025-05-15T14:12:26Z",
- "updated_at": "2025-09-26T17:48:29Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-32421",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-32421"
- ],
- "aliases": [
- "CVE-2025-32421",
- "GHSA-qpjv-v59x-3qc4"
- ],
- "cve_ids": [
- "CVE-2025-32421"
- ],
- "ghsa_ids": [
- "GHSA-qpjv-v59x-3qc4"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0.9.9, fixed<14.2.24",
- "introduced=15.0.0, fixed<15.1.6"
- ],
- "fixed_versions": [
- "14.2.24",
- "15.1.6"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-48068.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-48068.json
deleted file mode 100644
index 3906946b..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-48068.json
+++ /dev/null
@@ -1,68 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2025-48068",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Information exposure in Next.js dev server due to lack of origin verification",
- "summary": "Information exposure in Next.js dev server due to lack of origin verification",
- "published_at": "2025-05-28T21:52:13Z",
- "updated_at": "2025-06-13T14:41:21Z",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-48068",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-48068"
- ],
- "aliases": [
- "CVE-2025-48068",
- "GHSA-3h52-269p-cp9r"
- ],
- "cve_ids": [
- "CVE-2025-48068"
- ],
- "ghsa_ids": [
- "GHSA-3h52-269p-cp9r"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=15.0.0, fixed<15.2.2",
- "introduced=13.0, fixed<14.2.30"
- ],
- "fixed_versions": [
- "15.2.2",
- "14.2.30"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-49005.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-49005.json
deleted file mode 100644
index bb060498..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-49005.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2025-49005",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js has a Cache poisoning vulnerability due to omission of the Vary header",
- "summary": "Next.js has a Cache poisoning vulnerability due to omission of the Vary header",
- "published_at": "2025-07-03T20:30:18Z",
- "updated_at": "2026-02-04T02:37:18.974477Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-r2fc-ccr8-96c4",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-49005",
- "https://github.com/vercel/next.js/issues/79346",
- "https://github.com/vercel/next.js/pull/79939",
- "https://github.com/vercel/next.js/commit/ec202eccf05820b60c6126d6411fe16766ecc066",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v15.3.3",
- "https://vercel.com/changelog/cve-2025-49005"
- ],
- "aliases": [
- "CVE-2025-49005",
- "GHSA-r2fc-ccr8-96c4"
- ],
- "cve_ids": [
- "CVE-2025-49005"
- ],
- "ghsa_ids": [
- "GHSA-r2fc-ccr8-96c4"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=15.3.0, fixed<15.3.3"
- ],
- "fixed_versions": [
- "15.3.3"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json
deleted file mode 100644
index 04c0f0b3..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json
+++ /dev/null
@@ -1,69 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2025-49826",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.JS vulnerability can lead to DoS via cache poisoning ",
- "summary": "Next.JS vulnerability can lead to DoS via cache poisoning ",
- "published_at": "2025-07-03T21:14:48Z",
- "updated_at": "2025-07-03T21:49:52Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-49826",
- "https://github.com/vercel/next.js/commit/16bfce64ef2157f2c1dfedcfdb7771bc63103fd2",
- "https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v15.1.8",
- "https://vercel.com/changelog/cve-2025-49826"
- ],
- "aliases": [
- "CVE-2025-49826",
- "GHSA-67rr-84xm-4c7r"
- ],
- "cve_ids": [
- "CVE-2025-49826"
- ],
- "ghsa_ids": [
- "GHSA-67rr-84xm-4c7r"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=15.0.4-canary.51, fixed<15.1.8"
- ],
- "fixed_versions": [
- "15.1.8"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json
deleted file mode 100644
index a4143d79..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2025-55173",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js Content Injection Vulnerability for Image Optimization",
- "summary": "Next.js Content Injection Vulnerability for Image Optimization",
- "published_at": "2025-08-29T21:59:55Z",
- "updated_at": "2026-02-04T04:35:34.538107Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-55173",
- "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-55173",
- "http://vercel.com/changelog/cve-2025-55173"
- ],
- "aliases": [
- "CVE-2025-55173",
- "GHSA-xv57-4mr9-wg8v"
- ],
- "cve_ids": [
- "CVE-2025-55173"
- ],
- "ghsa_ids": [
- "GHSA-xv57-4mr9-wg8v"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0.9.9, fixed<14.2.31",
- "introduced=15.0.0, fixed<15.4.5"
- ],
- "fixed_versions": [
- "14.2.31",
- "15.4.5"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json
deleted file mode 100644
index e653f44a..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2025-57752",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes",
- "summary": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes",
- "published_at": "2025-08-29T22:06:22Z",
- "updated_at": "2026-02-04T02:50:08.291668Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-57752",
- "https://github.com/vercel/next.js/pull/82114",
- "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-57752"
- ],
- "aliases": [
- "CVE-2025-57752",
- "GHSA-g5qg-72qw-gw5v"
- ],
- "cve_ids": [
- "CVE-2025-57752"
- ],
- "ghsa_ids": [
- "GHSA-g5qg-72qw-gw5v"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0.9.9, fixed<14.2.31",
- "introduced=15.0.0, fixed<15.4.5"
- ],
- "fixed_versions": [
- "14.2.31",
- "15.4.5"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json
deleted file mode 100644
index d61ac2b1..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2025-57822",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js Improper Middleware Redirect Handling Leads to SSRF",
- "summary": "Next.js Improper Middleware Redirect Handling Leads to SSRF",
- "published_at": "2025-08-29T21:33:09Z",
- "updated_at": "2026-02-04T04:20:45.658010Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-57822",
- "https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/cve-2025-57822"
- ],
- "aliases": [
- "CVE-2025-57822",
- "GHSA-4342-x723-ch2f"
- ],
- "cve_ids": [
- "CVE-2025-57822"
- ],
- "ghsa_ids": [
- "GHSA-4342-x723-ch2f"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0.9.9, fixed<14.2.32",
- "introduced=15.0.0-canary.0, fixed<15.4.7"
- ],
- "fixed_versions": [
- "14.2.32",
- "15.4.7"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "ssrf-url-validation"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json
deleted file mode 100644
index 48cab9eb..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2025-59471",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
- "summary": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
- "published_at": "2026-01-27T19:18:25Z",
- "updated_at": "2026-02-10T01:28:46.973023Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-59471",
- "https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c",
- "https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec",
- "https://github.com/vercel/next.js",
- "https://github.com/vercel/next.js/releases/tag/v15.5.10",
- "https://github.com/vercel/next.js/releases/tag/v16.1.5"
- ],
- "aliases": [
- "CVE-2025-59471",
- "GHSA-9g9p-9gw9-jx7f"
- ],
- "cve_ids": [
- "CVE-2025-59471"
- ],
- "ghsa_ids": [
- "GHSA-9g9p-9gw9-jx7f"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=10.0.0, fixed<15.5.10",
- "introduced=15.6.0-canary.0, fixed<16.1.5"
- ],
- "fixed_versions": [
- "15.5.10",
- "16.1.5"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json
deleted file mode 100644
index 3d3bafc6..00000000
--- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json
+++ /dev/null
@@ -1,68 +0,0 @@
-{
- "canonical_id": "nextjs--CVE-2025-59472",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ",
- "summary": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ",
- "published_at": "2026-01-28T15:20:55Z",
- "updated_at": "2026-02-06T13:13:43.709252Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q-jpqc-wp7h",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-59472",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472"
- ],
- "aliases": [
- "CVE-2025-59472",
- "GHSA-5f7q-jpqc-wp7h"
- ],
- "cve_ids": [
- "CVE-2025-59472"
- ],
- "ghsa_ids": [
- "GHSA-5f7q-jpqc-wp7h"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=15.0.0-canary.0, fixed<15.6.0-canary.61",
- "introduced=16.0.0-beta.0, fixed<16.1.5"
- ],
- "fixed_versions": [
- "15.6.0-canary.61",
- "16.1.5"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27977.json b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27977.json
new file mode 100644
index 00000000..02bb136a
--- /dev/null
+++ b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27977.json
@@ -0,0 +1,72 @@
+{
+ "canonical_id": "nextjs--CVE-2026-27977",
+ "system_id": "nextjs",
+ "display_name": "Next.js",
+ "category": "frameworks",
+ "advisory_mode": "core",
+ "title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
+ "summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.",
+ "published_at": "2026-03-17T15:29:48Z",
+ "updated_at": "2026-03-17T15:46:26.028580Z",
+ "severity": "medium",
+ "cvss_score": 4.0,
+ "exploit_status": "unknown",
+ "source_confidence": "official",
+ "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7-9wpm-mj36",
+ "secondary_source_urls": [
+ "https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a",
+ "https://github.com/vercel/next.js",
+ "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+ ],
+ "aliases": [
+ "CVE-2026-27977",
+ "GHSA-jcc7-9wpm-mj36"
+ ],
+ "cve_ids": [
+ "CVE-2026-27977"
+ ],
+ "ghsa_ids": [
+ "GHSA-jcc7-9wpm-mj36"
+ ],
+ "osv_ids": [
+ "GHSA-jcc7-9wpm-mj36"
+ ],
+ "affected_versions": [
+ "introduced=16.0.1, fixed<16.1.7"
+ ],
+ "fixed_versions": [
+ "16.1.7"
+ ],
+ "package_name": "next",
+ "render_markdown": true,
+ "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md",
+ "secure_code_topics": [
+ "authz-server-side-recheck",
+ "proxy-trust-boundary",
+ "token-cookie-storage"
+ ],
+ "status": "generated",
+ "triage_reasons": [],
+ "verification_status": "triage-manual",
+ "verification_mode": "synthetic",
+ "last_verified_at": null,
+ "last_run_id": null,
+ "evidence_bundle": null,
+ "browser_evidence": {
+ "required": false,
+ "present": false,
+ "refs": []
+ },
+ "repro_profile_id": "nextjs-proxy-boundary",
+ "artifact_mode": "official-source",
+ "blocked_reason": null,
+ "metadata": {
+ "source_names": [
+ "OSV Next.js"
+ ],
+ "source_kinds": [
+ "osv-batch"
+ ],
+ "candidate_count": 1
+ }
+}
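Review bot: `"last_run_id": null` on the new record breaks the type the registry has used for an un-run advisory — every record this commit deletes spells the same state as `"last_run_id": ""` (e.g. the CVE-2024-56332 and CVE-2025-59472 files above), so any consumer that does `record["last_run_id"].startswith(...)` or compares against `""` will now see a `null` for this one entry; either `"last_run_id": "",` here or a documented migration of the field to nullable across the registry would keep it consistent. The `secure_code_topics` list is also the same templated triple (`authz-server-side-recheck`, `proxy-trust-boundary`, `token-cookie-storage`) the deleted records carry, even though this advisory is an origin-validation/CSRF weakness in the dev HMR websocket; the CVE-2025-57822 record shows the generator can append an issue-specific topic (`ssrf-url-validation`), so a CSRF/origin-check topic from the project's vocabulary would presumably fit better here if one exists. Finally, `secondary_source_urls` has no `nvd.nist.gov` entry while every deleted Next.js record leads with one; if NVD simply has not published yet that is fine, but a short note in the record or generator would save the next reader from reading it as an omission. The same `last_run_id` and topics points apply to the CVE-2026-27978 record that follows, whose hunk runs past the end of this chunk.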
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27978.json b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27978.json
new file mode 100644
index 00000000..0a161750
--- /dev/null
+++ b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27978.json
@@ -0,0 +1,72 @@
+{
+ "canonical_id": "nextjs--CVE-2026-27978",
+ "system_id": "nextjs",
+ "display_name": "Next.js",
+ "category": "frameworks",
+ "advisory_mode": "core",
+ "title": "Next.js: null origin can bypass Server Actions CSRF checks",
+ "summary": "## Summary\n`origin: null` was treated as a \"missing\" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed iframes) could bypass origin verification instead of being validated as cross-origin requests.\n\n## Impact\nAn attacker could induce a victim browser to submit Server Actions from a sandboxed context, potentially executing state-changing actions with victim credentials (CSRF).\n\n## Patches\nFixed by treating `'null'` as an explicit origin value and enforcing host/origin checks unless `'null'` is explicitly allowlisted in `experimental.serverActions.allowedOrigins`. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Add CSRF tokens for sensitive Server Actions.\n- Prefer `SameSite=Strict` on sensitive auth cookies.\n- Do not allow `'null'` in `serverActions.allowedOrigins` unless intentionally required and additionally protected.",
+ "published_at": "2026-03-17T15:30:14Z",
+ "updated_at": "2026-03-17T15:46:43.484729Z",
+ "severity": "medium",
+ "cvss_score": 4.0,
+ "exploit_status": "unknown",
+ "source_confidence": "official",
+ "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mq59-m269-xvcx",
+ "secondary_source_urls": [
+ "https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8",
+ "https://github.com/vercel/next.js",
+ "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+ ],
+ "aliases": [
+ "CVE-2026-27978",
+ "GHSA-mq59-m269-xvcx"
+ ],
+ "cve_ids": [
+ "CVE-2026-27978"
+ ],
+ "ghsa_ids": [
+ "GHSA-mq59-m269-xvcx"
+ ],
+ "osv_ids": [
+ "GHSA-mq59-m269-xvcx"
+ ],
+ "affected_versions": [
+ "introduced=16.0.1, fixed<16.1.7"
+ ],
+ "fixed_versions": [
+ "16.1.7"
+ ],
+ "package_name": "next",
+ "render_markdown": true,
+ "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md",
+ "secure_code_topics": [
+ "authz-server-side-recheck",
+ "proxy-trust-boundary",
+ "token-cookie-storage"
+ ],
+ "status": "generated",
+ "triage_reasons": [],
+ "verification_status": "triage-manual",
+ "verification_mode": "synthetic",
+ "last_verified_at": null,
+ "last_run_id": null,
+ "evidence_bundle": null,
+ "browser_evidence": {
+ "required": false,
+ "present": false,
+ "refs": []
+ },
+ "repro_profile_id": "nextjs-proxy-boundary",
+ "artifact_mode": "official-source",
+ "blocked_reason": null,
+ "metadata": {
+ "source_names": [
+ "OSV Next.js"
+ ],
+ "source_kinds": [
+ "osv-batch"
+ ],
+ "candidate_count": 1
+ }
+}
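Review bot: The `secure_code_topics` trio (`authz-server-side-recheck`, `proxy-trust-boundary`, `token-cookie-storage`) and `repro_profile_id` `nextjs-proxy-boundary` are identical across this record, `nextjs--CVE-2026-27978`, `nextjs--CVE-2026-27979` and `nextjs--CVE-2026-27980`, even though the three describe a Server Actions CSRF bypass, unbounded resume-body buffering and disk-cache exhaustion; `token-cookie-storage` in particular has no bearing on the disk-cache case, which suggests the tags were carried over from a template rather than triaged. The `nextjs--CVE-2026-29057` record in the same commit does add case-specific topics, so the taxonomy appears to support it; for this record a CSRF-oriented topic such as `"<csrf-topic-id>"` (placeholder, whatever the taxonomy defines) and a resource-exhaustion topic for the two DoS records would make the `dependency-upgrade-policy`-style filtering meaningful. Separately, the summary's impact is a victim browser submitting a Server Action from a sandboxed iframe, yet `"browser_evidence": { "required": false, ... }`; if the `待人工/缺浏览器证据` counter is meant to catch exactly this class of issue, `required` should presumably be `true` here — confirm against the registry's rules for that field.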
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27979.json b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27979.json
new file mode 100644
index 00000000..933fc6d3
--- /dev/null
+++ b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27979.json
@@ -0,0 +1,72 @@
+{
+ "canonical_id": "nextjs--CVE-2026-27979",
+ "system_id": "nextjs",
+ "display_name": "Next.js",
+ "category": "frameworks",
+ "advisory_mode": "core",
+ "title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
+ "summary": "## Summary\nA request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior.\n\n## Impact\nIn applications using the App Router with Partial Prerendering capability enabled (via `experimental.ppr` or `cacheComponents`), an attacker could send oversized `next-resume` POST payloads that were buffered without consistent size enforcement in non-minimal deployments, causing excessive memory usage and potential denial of service.\n\n## Patches\nFixed by enforcing size limits across all postponed-body buffering paths and erroring when limits are exceeded. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block requests containing the `next-resume` header, as this is never valid to be sent from an untrusted client.",
+ "published_at": "2026-03-17T16:16:49Z",
+ "updated_at": "2026-03-17T16:31:34.160932Z",
+ "severity": "medium",
+ "cvss_score": 4.0,
+ "exploit_status": "unknown",
+ "source_confidence": "official",
+ "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-h27x-g6w4-24gq",
+ "secondary_source_urls": [
+ "https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1",
+ "https://github.com/vercel/next.js",
+ "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+ ],
+ "aliases": [
+ "CVE-2026-27979",
+ "GHSA-h27x-g6w4-24gq"
+ ],
+ "cve_ids": [
+ "CVE-2026-27979"
+ ],
+ "ghsa_ids": [
+ "GHSA-h27x-g6w4-24gq"
+ ],
+ "osv_ids": [
+ "GHSA-h27x-g6w4-24gq"
+ ],
+ "affected_versions": [
+ "introduced=16.0.1, fixed<16.1.7"
+ ],
+ "fixed_versions": [
+ "16.1.7"
+ ],
+ "package_name": "next",
+ "render_markdown": true,
+ "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md",
+ "secure_code_topics": [
+ "authz-server-side-recheck",
+ "proxy-trust-boundary",
+ "token-cookie-storage"
+ ],
+ "status": "generated",
+ "triage_reasons": [],
+ "verification_status": "triage-manual",
+ "verification_mode": "synthetic",
+ "last_verified_at": null,
+ "last_run_id": null,
+ "evidence_bundle": null,
+ "browser_evidence": {
+ "required": false,
+ "present": false,
+ "refs": []
+ },
+ "repro_profile_id": "nextjs-proxy-boundary",
+ "artifact_mode": "official-source",
+ "blocked_reason": null,
+ "metadata": {
+ "source_names": [
+ "OSV Next.js"
+ ],
+ "source_kinds": [
+ "osv-batch"
+ ],
+ "candidate_count": 1
+ }
+}
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2026-27980.json b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27980.json
new file mode 100644
index 00000000..3604a2e2
--- /dev/null
+++ b/08-threat-intel/registry/advisories/nextjs--CVE-2026-27980.json
@@ -0,0 +1,72 @@
+{
+ "canonical_id": "nextjs--CVE-2026-27980",
+ "system_id": "nextjs",
+ "display_name": "Next.js",
+ "category": "frameworks",
+ "advisory_mode": "core",
+ "title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
+ "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+ "published_at": "2026-03-17T16:17:06Z",
+ "updated_at": "2026-03-17T16:31:33.597080Z",
+ "severity": "medium",
+ "cvss_score": 4.0,
+ "exploit_status": "unknown",
+ "source_confidence": "official",
+ "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+ "secondary_source_urls": [
+ "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+ "https://github.com/vercel/next.js",
+ "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+ ],
+ "aliases": [
+ "CVE-2026-27980",
+ "GHSA-3x4c-7xq6-9pq8"
+ ],
+ "cve_ids": [
+ "CVE-2026-27980"
+ ],
+ "ghsa_ids": [
+ "GHSA-3x4c-7xq6-9pq8"
+ ],
+ "osv_ids": [
+ "GHSA-3x4c-7xq6-9pq8"
+ ],
+ "affected_versions": [
+ "introduced=10.0.0, fixed<16.1.7"
+ ],
+ "fixed_versions": [
+ "16.1.7"
+ ],
+ "package_name": "next",
+ "render_markdown": true,
+ "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md",
+ "secure_code_topics": [
+ "authz-server-side-recheck",
+ "proxy-trust-boundary",
+ "token-cookie-storage"
+ ],
+ "status": "generated",
+ "triage_reasons": [],
+ "verification_status": "triage-manual",
+ "verification_mode": "synthetic",
+ "last_verified_at": null,
+ "last_run_id": null,
+ "evidence_bundle": null,
+ "browser_evidence": {
+ "required": false,
+ "present": false,
+ "refs": []
+ },
+ "repro_profile_id": "nextjs-proxy-boundary",
+ "artifact_mode": "official-source",
+ "blocked_reason": null,
+ "metadata": {
+ "source_names": [
+ "OSV Next.js"
+ ],
+ "source_kinds": [
+ "osv-batch"
+ ],
+ "candidate_count": 1
+ }
+}
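Review bot: `affected_versions` gives `introduced=10.0.0, fixed<16.1.7` with `fixed_versions` containing only `16.1.7`, while the sibling record `nextjs--CVE-2026-29057` in this commit lists a separate 15.x backport (`15.5.13`). As written, every release from 10.0.0 up to 16.1.6 is recorded as vulnerable with no maintained 15.x fix, which may well be what the official advisory states, but it is worth confirming against `official_source_url` before consumers of the registry treat 15.x deployments as unfixable. If no 15.x fix exists, a short note in `metadata` (the schema here has no dedicated field that I can see) would stop this from reading like an omission.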
diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2026-29057.json b/08-threat-intel/registry/advisories/nextjs--CVE-2026-29057.json
new file mode 100644
index 00000000..a5547577
--- /dev/null
+++ b/08-threat-intel/registry/advisories/nextjs--CVE-2026-29057.json
@@ -0,0 +1,77 @@
+{
+ "canonical_id": "nextjs--CVE-2026-29057",
+ "system_id": "nextjs",
+ "display_name": "Next.js",
+ "category": "frameworks",
+ "advisory_mode": "core",
+ "title": "Next.js: HTTP request smuggling in rewrites",
+ "summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).",
+ "published_at": "2026-03-17T16:17:15Z",
+ "updated_at": "2026-03-17T16:31:26.646070Z",
+ "severity": "medium",
+ "cvss_score": 4.0,
+ "exploit_status": "unknown",
+ "source_confidence": "official",
+ "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8",
+ "secondary_source_urls": [
+ "https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6",
+ "https://github.com/vercel/next.js",
+ "https://github.com/vercel/next.js/releases/tag/v15.5.13",
+ "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+ ],
+ "aliases": [
+ "CVE-2026-29057",
+ "GHSA-ggv3-7p47-pfv8"
+ ],
+ "cve_ids": [
+ "CVE-2026-29057"
+ ],
+ "ghsa_ids": [
+ "GHSA-ggv3-7p47-pfv8"
+ ],
+ "osv_ids": [
+ "GHSA-ggv3-7p47-pfv8"
+ ],
+ "affected_versions": [
+ "introduced=16.0.0-beta.0, fixed<16.1.7",
+ "introduced=9.5.0, fixed<15.5.13"
+ ],
+ "fixed_versions": [
+ "16.1.7",
+ "15.5.13"
+ ],
+ "package_name": "next",
+ "render_markdown": true,
+ "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md",
+ "secure_code_topics": [
+ "authz-server-side-recheck",
+ "proxy-trust-boundary",
+ "token-cookie-storage",
+ "request-smuggling-boundary",
+ "dependency-upgrade-policy"
+ ],
+ "status": "generated",
+ "triage_reasons": [],
+ "verification_status": "triage-manual",
+ "verification_mode": "synthetic",
+ "last_verified_at": null,
+ "last_run_id": null,
+ "evidence_bundle": null,
+ "browser_evidence": {
+ "required": false,
+ "present": false,
+ "refs": []
+ },
+ "repro_profile_id": "request-smuggling-generic",
+ "artifact_mode": "official-source",
+ "blocked_reason": null,
+ "metadata": {
+ "source_names": [
+ "OSV Next.js"
+ ],
+ "source_kinds": [
+ "osv-batch"
+ ],
+ "candidate_count": 1
+ }
+}
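Review bot: The summary states the vulnerability "originated in an upstream library vendored by Next.js" and was fixed by updating that dependency, and the record is tagged `dependency-upgrade-policy`, but nothing in the record identifies the upstream package or its own advisory id — `aliases`, `cve_ids` and `secondary_source_urls` only carry the Next.js-side identifiers. Anyone using this registry to track the vendored dependency across other consumers cannot correlate it from here; if the schema allows, record the upstream package and advisory reference (placeholder `"<upstream-package>"` / `"<upstream-advisory-id>"`) in `metadata` or `secondary_source_urls`, taken from the official advisory rather than guessed. The `repro_profile_id` `request-smuggling-generic` and the added `request-smuggling-boundary` topic are consistent with the summary, which is what the other three new Next.js records in this commit lack.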
diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json b/08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json
deleted file mode 100644
index 389fdac1..00000000
--- a/08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- "canonical_id": "nextjs--GHSA-5j59-xgg2-r9c4",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
- "summary": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
- "published_at": "2025-12-12T17:21:57Z",
- "updated_at": "2026-02-04T02:46:38.768104Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-67779",
- "https://github.com/vercel/next.js",
- "https://nextjs.org/blog/security-update-2025-12-11",
- "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components",
- "https://www.cve.org/CVERecord?id=CVE-2025-55184",
- "https://www.facebook.com/security/advisories/cve-2025-67779"
- ],
- "aliases": [
- "GHSA-5j59-xgg2-r9c4"
- ],
- "cve_ids": [],
- "ghsa_ids": [
- "GHSA-5j59-xgg2-r9c4"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=13.3.1-canary.0, fixed<14.2.35",
- "introduced=15.0.6, fixed<15.0.7",
- "introduced=15.1.10, fixed<15.1.11",
- "introduced=15.2.7, fixed<15.2.8",
- "introduced=15.3.7, fixed<15.3.8",
- "introduced=15.4.9, fixed<15.4.10",
- "introduced=15.5.8, fixed<15.5.9",
- "introduced=15.6.0-canary.59, fixed<15.6.0-canary.60",
- "introduced=16.0.9, fixed<16.0.10",
- "introduced=16.1.0-canary.17, fixed<16.1.0-canary.19"
- ],
- "fixed_versions": [
- "14.2.35",
- "15.0.7",
- "15.1.11",
- "15.2.8",
- "15.3.8",
- "15.4.10",
- "15.5.9",
- "15.6.0-canary.60",
- "16.0.10",
- "16.1.0-canary.19"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json b/08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json
deleted file mode 100644
index 5687e9f7..00000000
--- a/08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json
+++ /dev/null
@@ -1,77 +0,0 @@
-{
- "canonical_id": "nextjs--GHSA-9qr9-h5gf-34mp",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js is vulnerable to RCE in React flight protocol",
- "summary": "Next.js is vulnerable to RCE in React flight protocol",
- "published_at": "2025-12-03T19:07:11Z",
- "updated_at": "2026-02-04T03:45:15.823345Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r",
- "secondary_source_urls": [
- "https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp",
- "https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp",
- "https://nvd.nist.gov/vuln/detail/CVE-2025-55182",
- "https://github.com/vercel/next.js"
- ],
- "aliases": [
- "GHSA-9qr9-h5gf-34mp"
- ],
- "cve_ids": [],
- "ghsa_ids": [
- "GHSA-9qr9-h5gf-34mp"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=14.3.0-canary.77, fixed<15.0.5",
- "introduced=15.1.0-canary.0, fixed<15.1.9",
- "introduced=15.2.0-canary.0, fixed<15.2.6",
- "introduced=15.3.0-canary.0, fixed<15.3.6",
- "introduced=15.4.0-canary.0, fixed<15.4.8",
- "introduced=15.5.0-canary.0, fixed<15.5.7",
- "introduced=16.0.0-canary.0, fixed<16.0.7"
- ],
- "fixed_versions": [
- "15.0.5",
- "15.1.9",
- "15.2.6",
- "15.3.6",
- "15.4.8",
- "15.5.7",
- "16.0.7"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json b/08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json
deleted file mode 100644
index 8aa6752b..00000000
--- a/08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json
+++ /dev/null
@@ -1,88 +0,0 @@
-{
- "canonical_id": "nextjs--GHSA-h25m-26qc-wcjf",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
- "summary": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
- "published_at": "2026-01-28T15:38:01Z",
- "updated_at": "2026-02-13T00:43:52.836085Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg",
- "secondary_source_urls": [
- "https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf",
- "https://nvd.nist.gov/vuln/detail/CVE-2026-23864",
- "https://github.com/vercel/next.js",
- "https://vercel.com/changelog/summary-of-cve-2026-23864"
- ],
- "aliases": [
- "GHSA-h25m-26qc-wcjf"
- ],
- "cve_ids": [],
- "ghsa_ids": [
- "GHSA-h25m-26qc-wcjf"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=13.0.0, fixed<15.0.8",
- "introduced=15.1.1-canary.0, fixed<15.1.12",
- "introduced=15.2.0-canary.0, fixed<15.2.9",
- "introduced=15.3.0-canary.0, fixed<15.3.9",
- "introduced=15.4.0-canary.0, fixed<15.4.11",
- "introduced=15.5.1-canary.0, fixed<15.5.10",
- "introduced=15.6.0-canary.0, fixed<15.6.0-canary.61",
- "introduced=16.0.0-beta.0, fixed<16.0.11",
- "introduced=16.1.0-canary.0, fixed<16.1.5"
- ],
- "fixed_versions": [
- "15.0.8",
- "15.1.12",
- "15.2.9",
- "15.3.9",
- "15.4.11",
- "15.5.10",
- "15.6.0-canary.61",
- "16.0.11",
- "16.1.5"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy",
- "deserialization-safety"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:31:16+00:00",
- "last_run_id": "nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318013112",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318013112",
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": [],
- "baseline_refs": [],
- "proof_refs": [],
- "baseline_title": null,
- "proof_title": null,
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json b/08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json
deleted file mode 100644
index 6f061e4a..00000000
--- a/08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json
+++ /dev/null
@@ -1,82 +0,0 @@
-{
- "canonical_id": "nextjs--GHSA-mwv6-3258-q52c",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next Vulnerable to Denial of Service with Server Components",
- "summary": "Next Vulnerable to Denial of Service with Server Components",
- "published_at": "2025-12-11T22:49:27Z",
- "updated_at": "2026-02-04T03:55:54.855562Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c",
- "secondary_source_urls": [
- "https://github.com/vercel/next.js",
- "https://nextjs.org/blog/security-update-2025-12-11",
- "https://www.cve.org/CVERecord?id=CVE-2025-55184"
- ],
- "aliases": [
- "GHSA-mwv6-3258-q52c"
- ],
- "cve_ids": [],
- "ghsa_ids": [
- "GHSA-mwv6-3258-q52c"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=13.3.0, fixed<14.2.34",
- "introduced=15.0.0-canary.0, fixed<15.0.6",
- "introduced=15.1.1-canary.0, fixed<15.1.10",
- "introduced=15.2.0-canary.0, fixed<15.2.7",
- "introduced=15.3.0-canary.0, fixed<15.3.7",
- "introduced=15.4.0-canary.0, fixed<15.4.9",
- "introduced=15.5.1-canary.0, fixed<15.5.8",
- "introduced=15.6.0-canary.0, fixed<15.6.0-canary.59",
- "introduced=16.0.0-beta.0, fixed<16.0.9",
- "introduced=16.1.0-canary.0, fixed<16.1.0-canary.17"
- ],
- "fixed_versions": [
- "14.2.34",
- "15.0.6",
- "15.1.10",
- "15.2.7",
- "15.3.7",
- "15.4.9",
- "15.5.8",
- "15.6.0-canary.59",
- "16.0.9",
- "16.1.0-canary.17"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json b/08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json
deleted file mode 100644
index b5736ec0..00000000
--- a/08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json
+++ /dev/null
@@ -1,80 +0,0 @@
-{
- "canonical_id": "nextjs--GHSA-w37m-7fhw-fmv9",
- "system_id": "nextjs",
- "display_name": "Next.js",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Next Server Actions Source Code Exposure ",
- "summary": "Next Server Actions Source Code Exposure ",
- "published_at": "2025-12-11T22:49:56Z",
- "updated_at": "2026-02-04T02:51:40.627151Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-w37m-7fhw-fmv9",
- "secondary_source_urls": [
- "https://github.com/vercel/next.js",
- "https://nextjs.org/blog/security-update-2025-12-11",
- "https://www.cve.org/CVERecord?id=CVE-2025-55183"
- ],
- "aliases": [
- "GHSA-w37m-7fhw-fmv9"
- ],
- "cve_ids": [],
- "ghsa_ids": [
- "GHSA-w37m-7fhw-fmv9"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=15.0.0-canary.0, fixed<15.0.6",
- "introduced=15.1.1-canary.0, fixed<15.1.10",
- "introduced=15.2.0-canary.0, fixed<15.2.7",
- "introduced=15.3.0-canary.0, fixed<15.3.7",
- "introduced=15.4.0-canary.0, fixed<15.4.9",
- "introduced=15.5.1-canary.0, fixed<15.5.8",
- "introduced=15.6.0-canary.0, fixed<15.6.0-canary.59",
- "introduced=16.0.0-beta.0, fixed<16.0.9",
- "introduced=16.1.0-canary.0, fixed<16.1.0-canary.17"
- ],
- "fixed_versions": [
- "15.0.6",
- "15.1.10",
- "15.2.7",
- "15.3.7",
- "15.4.9",
- "15.5.8",
- "15.6.0-canary.59",
- "16.0.9",
- "16.1.0-canary.17"
- ],
- "package_name": "next",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md",
- "secure_code_topics": [
- "authz-server-side-recheck",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "nextjs-authz-bypass",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2022-31151.json b/08-threat-intel/registry/advisories/undici--CVE-2022-31151.json
deleted file mode 100644
index 9e025092..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2022-31151.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- "canonical_id": "undici--CVE-2022-31151",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect",
- "summary": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect",
- "published_at": "2022-07-21T20:31:05Z",
- "updated_at": "2026-02-04T03:02:08.652391Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-31151",
- "https://github.com/nodejs/undici/issues/872",
- "https://github.com/nodejs/undici/pull/1441",
- "https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d",
- "https://hackerone.com/reports/1635514",
- "https://github.com/nodejs/undici",
- "https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189",
- "https://github.com/nodejs/undici/releases/tag/v5.8.0",
- "https://security.netapp.com/advisory/ntap-20220909-0006"
- ],
- "aliases": [
- "CVE-2022-31151",
- "GHSA-q768-x9m6-m9qp"
- ],
- "cve_ids": [
- "CVE-2022-31151"
- ],
- "ghsa_ids": [
- "GHSA-q768-x9m6-m9qp"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0, fixed<5.8.0"
- ],
- "fixed_versions": [
- "5.8.0"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary",
- "token-cookie-storage",
- "dependency-upgrade-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:31:55+00:00",
- "last_run_id": "undici-undici--CVE-2022-31151-20260318013150",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150",
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": [],
- "baseline_refs": [],
- "proof_refs": [],
- "baseline_title": null,
- "proof_title": null,
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2022-32210.json b/08-threat-intel/registry/advisories/undici--CVE-2022-32210.json
deleted file mode 100644
index 9fa6eef5..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2022-32210.json
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- "canonical_id": "undici--CVE-2022-32210",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "ProxyAgent vulnerable to MITM",
- "summary": "ProxyAgent vulnerable to MITM",
- "published_at": "2022-06-17T01:02:29Z",
- "updated_at": "2026-03-13T22:15:23.541247Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2022-32210",
- "https://hackerone.com/reports/1583680",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2022-32210",
- "GHSA-pgw7-wx7w-2w33"
- ],
- "cve_ids": [
- "CVE-2022-32210"
- ],
- "ghsa_ids": [
- "GHSA-pgw7-wx7w-2w33"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=4.8.2, fixed<5.5.1"
- ],
- "fixed_versions": [
- "5.5.1"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2023-45143.json b/08-threat-intel/registry/advisories/undici--CVE-2023-45143.json
deleted file mode 100644
index 05085492..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2023-45143.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "canonical_id": "undici--CVE-2023-45143",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
- "summary": "Undici's cookie header not cleared on cross-origin redirect in fetch",
- "published_at": "2023-10-16T14:05:37Z",
- "updated_at": "2026-02-04T02:35:56.289390Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
- "secondary_source_urls": [
- "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
- "https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
- "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76",
- "https://hackerone.com/reports/2166948",
- "https://github.com/nodejs/undici",
- "https://github.com/nodejs/undici/releases/tag/v5.26.2",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
- ],
- "aliases": [
- "CVE-2023-45143",
- "GHSA-wqq4-5wpv-mx2g"
- ],
- "cve_ids": [
- "CVE-2023-45143"
- ],
- "ghsa_ids": [
- "GHSA-wqq4-5wpv-mx2g"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0, fixed<5.26.2"
- ],
- "fixed_versions": [
- "5.26.2"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary",
- "token-cookie-storage"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2024-30260.json b/08-threat-intel/registry/advisories/undici--CVE-2024-30260.json
deleted file mode 100644
index 7bb428c6..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2024-30260.json
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- "canonical_id": "undici--CVE-2024-30260",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
- "summary": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
- "published_at": "2024-04-04T14:20:39Z",
- "updated_at": "2025-11-04T19:44:28Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-30260",
- "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f",
- "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75",
- "https://hackerone.com/reports/2408074",
- "https://github.com/nodejs/undici",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
- "https://security.netapp.com/advisory/ntap-20240905-0008"
- ],
- "aliases": [
- "CVE-2024-30260",
- "GHSA-m4v8-wqvr-p9f7"
- ],
- "cve_ids": [
- "CVE-2024-30260"
- ],
- "ghsa_ids": [
- "GHSA-m4v8-wqvr-p9f7"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0, fixed<5.28.4",
- "introduced=6.0.0, fixed<6.11.1"
- ],
- "fixed_versions": [
- "5.28.4",
- "6.11.1"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2024-30261.json b/08-threat-intel/registry/advisories/undici--CVE-2024-30261.json
deleted file mode 100644
index f6d5d92e..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2024-30261.json
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- "canonical_id": "undici--CVE-2024-30261",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
- "summary": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
- "published_at": "2024-04-04T14:20:54Z",
- "updated_at": "2025-11-04T19:44:42Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
- "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055",
- "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3",
- "https://hackerone.com/reports/2377760",
- "https://github.com/nodejs/undici",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
- "https://security.netapp.com/advisory/ntap-20240905-0008"
- ],
- "aliases": [
- "CVE-2024-30261",
- "GHSA-9qxr-qj54-h672"
- ],
- "cve_ids": [
- "CVE-2024-30261"
- ],
- "ghsa_ids": [
- "GHSA-9qxr-qj54-h672"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0, fixed<5.28.4",
- "introduced=6.0.0, fixed<6.11.1"
- ],
- "fixed_versions": [
- "5.28.4",
- "6.11.1"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2025-22150.json b/08-threat-intel/registry/advisories/undici--CVE-2025-22150.json
deleted file mode 100644
index 707799d9..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2025-22150.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- "canonical_id": "undici--CVE-2025-22150",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Use of Insufficiently Random Values in undici",
- "summary": "Use of Insufficiently Random Values in undici",
- "published_at": "2025-01-21T21:10:47Z",
- "updated_at": "2026-02-04T02:29:26.373390Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
- "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
- "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
- "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
- "https://hackerone.com/reports/2913312",
- "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
- "https://github.com/nodejs/undici",
- "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
- ],
- "aliases": [
- "CVE-2025-22150",
- "GHSA-c76h-2ccp-4975"
- ],
- "cve_ids": [
- "CVE-2025-22150"
- ],
- "ghsa_ids": [
- "GHSA-c76h-2ccp-4975"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=4.5.0, fixed<5.28.5",
- "introduced=6.0.0, fixed<6.21.1",
- "introduced=7.0.0, fixed<7.2.3"
- ],
- "fixed_versions": [
- "5.28.5",
- "6.21.1",
- "7.2.3"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2025-47279.json b/08-threat-intel/registry/advisories/undici--CVE-2025-47279.json
deleted file mode 100644
index 96c7f853..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2025-47279.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "undici--CVE-2025-47279",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "undici Denial of Service attack via bad certificate data",
- "summary": "undici Denial of Service attack via bad certificate data",
- "published_at": "2025-05-15T14:15:06Z",
- "updated_at": "2026-02-06T22:08:08.311705Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-47279",
- "https://github.com/nodejs/undici/issues/3895",
- "https://github.com/nodejs/undici/pull/4088",
- "https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2025-47279",
- "GHSA-cxrh-j4jr-qwg3"
- ],
- "cve_ids": [
- "CVE-2025-47279"
- ],
- "ghsa_ids": [
- "GHSA-cxrh-j4jr-qwg3"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0, fixed<5.29.0",
- "introduced=6.0.0, fixed<6.21.2",
- "introduced=7.0.0, fixed<7.5.0"
- ],
- "fixed_versions": [
- "5.29.0",
- "6.21.2",
- "7.5.0"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1525.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1525.json
deleted file mode 100644
index 1ab39869..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-1525.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "undici--CVE-2026-1525",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Undici has an HTTP Request/Response Smuggling issue",
- "summary": "Undici has an HTTP Request/Response Smuggling issue",
- "published_at": "2026-03-13T20:07:03Z",
- "updated_at": "2026-03-14T09:19:54.772219Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
- "https://hackerone.com/reports/3556037",
- "https://cna.openjsf.org/security-advisories.html",
- "https://cwe.mitre.org/data/definitions/444.html",
- "https://github.com/nodejs/undici",
- "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
- ],
- "aliases": [
- "CVE-2026-1525",
- "GHSA-2mjp-6q6p-2qxm"
- ],
- "cve_ids": [
- "CVE-2026-1525"
- ],
- "ghsa_ids": [
- "GHSA-2mjp-6q6p-2qxm"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0, fixed<6.24.0",
- "introduced=7.0.0, fixed<7.24.0"
- ],
- "fixed_versions": [
- "6.24.0",
- "7.24.0"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary",
- "request-smuggling-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1526.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1526.json
deleted file mode 100644
index c77408a6..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-1526.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "undici--CVE-2026-1526",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
- "summary": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
- "published_at": "2026-03-13T20:41:56Z",
- "updated_at": "2026-03-13T20:54:25.563997Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
- "https://hackerone.com/reports/3481206",
- "https://cna.openjsf.org/security-advisories.html",
- "https://datatracker.ietf.org/doc/html/rfc7692",
- "https://github.com/nodejs/undici",
- "https://owasp.org/www-community/attacks/Denial_of_Service"
- ],
- "aliases": [
- "CVE-2026-1526",
- "GHSA-vrm6-8vpv-qv8q"
- ],
- "cve_ids": [
- "CVE-2026-1526"
- ],
- "ghsa_ids": [
- "GHSA-vrm6-8vpv-qv8q"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0, fixed<6.24.0",
- "introduced=7.0.0, fixed<7.24.0"
- ],
- "fixed_versions": [
- "6.24.0",
- "7.24.0"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary",
- "plugin-extension-trust-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1527.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1527.json
deleted file mode 100644
index 800a22e1..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-1527.json
+++ /dev/null
@@ -1,68 +0,0 @@
-{
- "canonical_id": "undici--CVE-2026-1527",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Undici has CRLF Injection in undici via `upgrade` option",
- "summary": "Undici has CRLF Injection in undici via `upgrade` option",
- "published_at": "2026-03-13T20:41:26Z",
- "updated_at": "2026-03-13T20:54:25.572106Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
- "https://hackerone.com/reports/3487198",
- "https://cna.openjsf.org/security-advisories.html",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2026-1527",
- "GHSA-4992-7rv2-5pvq"
- ],
- "cve_ids": [
- "CVE-2026-1527"
- ],
- "ghsa_ids": [
- "GHSA-4992-7rv2-5pvq"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0, fixed<6.24.0",
- "introduced=7.0.0, fixed<7.24.0"
- ],
- "fixed_versions": [
- "6.24.0",
- "7.24.0"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1528.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1528.json
deleted file mode 100644
index f0b02d39..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-1528.json
+++ /dev/null
@@ -1,68 +0,0 @@
-{
- "canonical_id": "undici--CVE-2026-1528",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
- "summary": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
- "published_at": "2026-03-13T20:07:26Z",
- "updated_at": "2026-03-14T09:17:45.838435Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
- "https://hackerone.com/reports/3537648",
- "https://cna.openjsf.org/security-advisories.html",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2026-1528",
- "GHSA-f269-vfmq-vjvj"
- ],
- "cve_ids": [
- "CVE-2026-1528"
- ],
- "ghsa_ids": [
- "GHSA-f269-vfmq-vjvj"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=6.0.0, fixed<6.24.0",
- "introduced=7.0.0, fixed<7.24.0"
- ],
- "fixed_versions": [
- "6.24.0",
- "7.24.0"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-22036.json b/08-threat-intel/registry/advisories/undici--CVE-2026-22036.json
deleted file mode 100644
index 4214f718..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-22036.json
+++ /dev/null
@@ -1,67 +0,0 @@
-{
- "canonical_id": "undici--CVE-2026-22036",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
- "summary": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
- "published_at": "2026-01-14T21:06:08Z",
- "updated_at": "2026-02-04T02:56:17.456091Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-22036",
- "https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2026-22036",
- "GHSA-g9mf-h72j-4rw9"
- ],
- "cve_ids": [
- "CVE-2026-22036"
- ],
- "ghsa_ids": [
- "GHSA-g9mf-h72j-4rw9"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=7.0.0, fixed<7.18.2",
- "introduced=0, fixed<6.23.0"
- ],
- "fixed_versions": [
- "7.18.2",
- "6.23.0"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-2229.json b/08-threat-intel/registry/advisories/undici--CVE-2026-2229.json
deleted file mode 100644
index 2815568c..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-2229.json
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- "canonical_id": "undici--CVE-2026-2229",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
- "summary": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
- "published_at": "2026-03-13T20:41:41Z",
- "updated_at": "2026-03-13T20:54:26.149214Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
- "https://hackerone.com/reports/3487486",
- "https://cna.openjsf.org/security-advisories.html",
- "https://datatracker.ietf.org/doc/html/rfc7692",
- "https://github.com/nodejs/undici",
- "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
- ],
- "aliases": [
- "CVE-2026-2229",
- "GHSA-v9p9-hfj2-hcw8"
- ],
- "cve_ids": [
- "CVE-2026-2229"
- ],
- "ghsa_ids": [
- "GHSA-v9p9-hfj2-hcw8"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=0, fixed<6.24.0",
- "introduced=7.0.0, fixed<7.24.0"
- ],
- "fixed_versions": [
- "6.24.0",
- "7.24.0"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary",
- "plugin-extension-trust-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-2581.json b/08-threat-intel/registry/advisories/undici--CVE-2026-2581.json
deleted file mode 100644
index d95ebc9a..00000000
--- a/08-threat-intel/registry/advisories/undici--CVE-2026-2581.json
+++ /dev/null
@@ -1,66 +0,0 @@
-{
- "canonical_id": "undici--CVE-2026-2581",
- "system_id": "undici",
- "display_name": "Undici",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
- "summary": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
- "published_at": "2026-03-13T20:37:58Z",
- "updated_at": "2026-03-13T20:54:25.417862Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
- "https://hackerone.com/reports/3513473",
- "https://cna.openjsf.org/security-advisories.html",
- "https://github.com/nodejs/undici"
- ],
- "aliases": [
- "CVE-2026-2581",
- "GHSA-phc3-fgpg-7m6h"
- ],
- "cve_ids": [
- "CVE-2026-2581"
- ],
- "ghsa_ids": [
- "GHSA-phc3-fgpg-7m6h"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=7.17.0, fixed<7.24.0"
- ],
- "fixed_versions": [
- "7.24.0"
- ],
- "package_name": "undici",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md",
- "secure_code_topics": [
- "ssrf-url-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "undici-ssrf",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2024-23331.json b/08-threat-intel/registry/advisories/vite--CVE-2024-23331.json
deleted file mode 100644
index aac8f62e..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2024-23331.json
+++ /dev/null
@@ -1,106 +0,0 @@
-{
- "canonical_id": "vite--CVE-2024-23331",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem",
- "summary": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem",
- "published_at": "2024-01-19T21:58:47Z",
- "updated_at": "2026-02-04T04:17:01.410592Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2023-34092",
- "https://nvd.nist.gov/vuln/detail/CVE-2024-23331",
- "https://github.com/vitejs/vite/commit/0cd769c279724cf27934b1270fbdd45d68217691",
- "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5",
- "https://github.com/vitejs/vite/commit/a26c87d20f9af306b5ce3ff1648be7fa5146c278",
- "https://github.com/vitejs/vite/commit/eeec23bbc9d476c54a3a6d36e78455867185a7cb",
- "https://github.com/vitejs/vite",
- "https://vitejs.dev/config/server-options.html#server-fs-deny"
- ],
- "aliases": [
- "CVE-2024-23331",
- "GHSA-c24v-8rfc-w8vw"
- ],
- "cve_ids": [
- "CVE-2024-23331"
- ],
- "ghsa_ids": [
- "GHSA-c24v-8rfc-w8vw"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=2.7.0, fixed<2.9.17",
- "introduced=3.0.0, fixed<3.2.8",
- "introduced=4.0.0, fixed<4.5.2",
- "introduced=5.0.0, fixed<5.0.12"
- ],
- "fixed_versions": [
- "2.9.17",
- "3.2.8",
- "4.5.2",
- "5.0.12"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:32:34+00:00",
- "last_run_id": "vite-vite--CVE-2024-23331-20260318013228",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228",
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-page.json"
- ],
- "baseline_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/baseline-page.json"
- ],
- "proof_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318013228/logs/proof-page.json"
- ],
- "baseline_title": "Vite Proxy Boundary Fixture",
- "proof_title": "Vite Proxy Boundary Fixture - proof",
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2024-45811.json b/08-threat-intel/registry/advisories/vite--CVE-2024-45811.json
deleted file mode 100644
index e5dfaf1f..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2024-45811.json
+++ /dev/null
@@ -1,80 +0,0 @@
-{
- "canonical_id": "vite--CVE-2024-45811",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
- "summary": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
- "published_at": "2024-09-17T18:44:12Z",
- "updated_at": "2026-02-04T04:05:31.919291Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2024-45811",
- "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249",
- "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34",
- "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd",
- "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6",
- "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2024-45811",
- "GHSA-9cwx-2883-4wfx"
- ],
- "cve_ids": [
- "CVE-2024-45811"
- ],
- "ghsa_ids": [
- "GHSA-9cwx-2883-4wfx"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=5.4.0, fixed<5.4.6",
- "introduced=5.3.0, fixed<5.3.6",
- "introduced=5.2.0, fixed<5.2.14",
- "introduced=4.0.0, fixed<4.5.4",
- "introduced=0, fixed<3.2.11",
- "introduced=5.0.0, fixed<5.1.8"
- ],
- "fixed_versions": [
- "5.4.6",
- "5.3.6",
- "5.2.14",
- "4.5.4",
- "3.2.11",
- "5.1.8"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2024-45812.json b/08-threat-intel/registry/advisories/vite--CVE-2024-45812.json
deleted file mode 100644
index a777d7df..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2024-45812.json
+++ /dev/null
@@ -1,115 +0,0 @@
-{
- "canonical_id": "vite--CVE-2024-45812",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS",
- "summary": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS",
- "published_at": "2024-09-17T19:28:01Z",
- "updated_at": "2026-02-04T04:04:22.977459Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3",
- "secondary_source_urls": [
- "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
- "https://nvd.nist.gov/vuln/detail/CVE-2024-45812",
- "https://github.com/vitejs/vite/commit/179b17773cf35c73ddb041f9e6c703fd9f3126af",
- "https://github.com/vitejs/vite/commit/2691bb3ff6b073b41fb9046909e1e03a74e36675",
- "https://github.com/vitejs/vite/commit/2ddd8541ec3b2d2e5b698749e0f2362ef28056bd",
- "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad",
- "https://github.com/vitejs/vite/commit/e8127166979e7ace6eeaa2c3b733c8994caa31f3",
- "https://github.com/vitejs/vite/commit/ebb94c5b3bf41950f45562595adec117a4d0ba5e",
- "https://github.com/vitejs/vite",
- "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
- "https://scnps.co/papers/sp23_domclob.pdf"
- ],
- "aliases": [
- "CVE-2024-45812",
- "GHSA-64vr-g452-qvp3"
- ],
- "cve_ids": [
- "CVE-2024-45812"
- ],
- "ghsa_ids": [
- "GHSA-64vr-g452-qvp3"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=5.4.0, fixed<5.4.6",
- "introduced=5.3.0, fixed<5.3.6",
- "introduced=5.2.0, fixed<5.2.14",
- "introduced=4.0.0, fixed<4.5.4",
- "introduced=0, fixed<3.2.11",
- "introduced=5.0.0, fixed<5.1.8"
- ],
- "fixed_versions": [
- "5.4.6",
- "5.3.6",
- "5.2.14",
- "4.5.4",
- "3.2.11",
- "5.1.8"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary",
- "xss-output-encoding",
- "plugin-extension-trust-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:33:26+00:00",
- "last_run_id": "vite-vite--CVE-2024-45812-20260318013320",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320",
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-page.json"
- ],
- "baseline_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/baseline-page.json"
- ],
- "proof_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318013320/logs/proof-page.json"
- ],
- "baseline_title": "Vite XSS Fixture",
- "proof_title": "Vite XSS Fixture - proof",
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-24010.json b/08-threat-intel/registry/advisories/vite--CVE-2025-24010.json
deleted file mode 100644
index 3e623797..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-24010.json
+++ /dev/null
@@ -1,101 +0,0 @@
-{
- "canonical_id": "vite--CVE-2025-24010",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Websites were able to send any requests to the development server and read the response in vite",
- "summary": "Websites were able to send any requests to the development server and read the response in vite",
- "published_at": "2025-01-21T19:52:55Z",
- "updated_at": "2026-02-04T04:37:03.076966Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-24010",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-24010",
- "GHSA-vg6x-rcgg-rjx6"
- ],
- "cve_ids": [
- "CVE-2025-24010"
- ],
- "ghsa_ids": [
- "GHSA-vg6x-rcgg-rjx6"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=6.0.0, fixed<6.0.9",
- "introduced=5.0.0, fixed<5.4.12",
- "introduced=0, fixed<4.5.6"
- ],
- "fixed_versions": [
- "6.0.9",
- "5.4.12",
- "4.5.6"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary",
- "dom-sink-hardening",
- "token-cookie-storage",
- "plugin-extension-trust-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "verified-real",
- "verification_mode": "real",
- "last_verified_at": "2026-03-18T01:33:00+00:00",
- "last_run_id": "vite-vite--CVE-2025-24010-20260318013254",
- "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254",
- "browser_evidence": {
- "required": true,
- "present": true,
- "refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-page.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-page.json"
- ],
- "baseline_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/baseline.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/baseline-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/baseline-page.json"
- ],
- "proof_refs": [
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/proof.png",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/assets/proof-dom.html",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-console.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-network.json",
- "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318013254/logs/proof-page.json"
- ],
- "baseline_title": "Vite File Upload Fixture",
- "proof_title": "Vite File Upload Fixture - proof",
- "error_kind": null,
- "reason": null
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "local-fixture",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-30208.json b/08-threat-intel/registry/advisories/vite--CVE-2025-30208.json
deleted file mode 100644
index bba5bbcd..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-30208.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "canonical_id": "vite--CVE-2025-30208",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Vite bypasses server.fs.deny when using ?raw??",
- "summary": "Vite bypasses server.fs.deny when using ?raw??",
- "published_at": "2025-03-25T14:00:02Z",
- "updated_at": "2026-02-04T03:13:24.371631Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-30208",
- "https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4",
- "https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c",
- "https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41",
- "https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca",
- "https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-30208",
- "GHSA-x574-m823-4x7w"
- ],
- "cve_ids": [
- "CVE-2025-30208"
- ],
- "ghsa_ids": [
- "GHSA-x574-m823-4x7w"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=6.2.0, fixed<6.2.3",
- "introduced=6.1.0, fixed<6.1.2",
- "introduced=6.0.0, fixed<6.0.12",
- "introduced=5.0.0, fixed<5.4.15",
- "introduced=0, fixed<4.5.10"
- ],
- "fixed_versions": [
- "6.2.3",
- "6.1.2",
- "6.0.12",
- "5.4.15",
- "4.5.10"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-31125.json b/08-threat-intel/registry/advisories/vite--CVE-2025-31125.json
deleted file mode 100644
index 16c5c514..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-31125.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "canonical_id": "vite--CVE-2025-31125",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
- "summary": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
- "published_at": "2025-03-31T17:31:54Z",
- "updated_at": "2026-02-04T04:37:24.129476Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-31125",
- "https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949",
- "https://github.com/vitejs/vite",
- "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125"
- ],
- "aliases": [
- "CVE-2025-31125",
- "GHSA-4r4m-qw57-chr8"
- ],
- "cve_ids": [
- "CVE-2025-31125"
- ],
- "ghsa_ids": [
- "GHSA-4r4m-qw57-chr8"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=6.2.0, fixed<6.2.4",
- "introduced=6.1.0, fixed<6.1.3",
- "introduced=6.0.0, fixed<6.0.13",
- "introduced=5.0.0, fixed<5.4.16",
- "introduced=0, fixed<4.5.11"
- ],
- "fixed_versions": [
- "6.2.4",
- "6.1.3",
- "6.0.13",
- "5.4.16",
- "4.5.11"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-31486.json b/08-threat-intel/registry/advisories/vite--CVE-2025-31486.json
deleted file mode 100644
index c1163eb8..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-31486.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
- "canonical_id": "vite--CVE-2025-31486",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
- "summary": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
- "published_at": "2025-04-04T14:20:05Z",
- "updated_at": "2026-02-04T03:51:38.412061Z",
- "severity": "low",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-31486",
- "https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647",
- "https://github.com/vitejs/vite",
- "https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290"
- ],
- "aliases": [
- "CVE-2025-31486",
- "GHSA-xcj6-pq6g-qj4x"
- ],
- "cve_ids": [
- "CVE-2025-31486"
- ],
- "ghsa_ids": [
- "GHSA-xcj6-pq6g-qj4x"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=6.2.0, fixed<6.2.5",
- "introduced=6.1.0, fixed<6.1.4",
- "introduced=6.0.0, fixed<6.0.14",
- "introduced=5.0.0, fixed<5.4.17",
- "introduced=0, fixed<4.5.12"
- ],
- "fixed_versions": [
- "6.2.5",
- "6.1.4",
- "6.0.14",
- "5.4.17",
- "4.5.12"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary",
- "plugin-extension-trust-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-32395.json b/08-threat-intel/registry/advisories/vite--CVE-2025-32395.json
deleted file mode 100644
index 246ad7a4..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-32395.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- "canonical_id": "vite--CVE-2025-32395",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
- "summary": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
- "published_at": "2025-04-11T14:06:03Z",
- "updated_at": "2026-02-04T04:11:44.900383Z",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-32395",
- "https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-32395",
- "GHSA-356w-63v5-8wf4"
- ],
- "cve_ids": [
- "CVE-2025-32395"
- ],
- "ghsa_ids": [
- "GHSA-356w-63v5-8wf4"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=6.2.0, fixed<6.2.6",
- "introduced=6.1.0, fixed<6.1.5",
- "introduced=6.0.0, fixed<6.0.15",
- "introduced=5.0.0, fixed<5.4.18",
- "introduced=0, fixed<4.5.13"
- ],
- "fixed_versions": [
- "6.2.6",
- "6.1.5",
- "6.0.15",
- "5.4.18",
- "4.5.13"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-46565.json b/08-threat-intel/registry/advisories/vite--CVE-2025-46565.json
deleted file mode 100644
index 10a1e956..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-46565.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- "canonical_id": "vite--CVE-2025-46565",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Vite's server.fs.deny bypassed with /. for files under project root",
- "summary": "Vite's server.fs.deny bypassed with /. for files under project root",
- "published_at": "2025-04-30T17:40:27Z",
- "updated_at": "2026-02-04T03:27:17.681639Z",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-46565",
- "https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-46565",
- "GHSA-859w-5945-r5v3"
- ],
- "cve_ids": [
- "CVE-2025-46565"
- ],
- "ghsa_ids": [
- "GHSA-859w-5945-r5v3"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=6.3.0, fixed<6.3.4",
- "introduced=6.2.0, fixed<6.2.7",
- "introduced=6.0.0, fixed<6.1.6",
- "introduced=5.0.0, fixed<5.4.19",
- "introduced=0, fixed<4.5.14"
- ],
- "fixed_versions": [
- "6.3.4",
- "6.2.7",
- "6.1.6",
- "5.4.19",
- "4.5.14"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-58751.json b/08-threat-intel/registry/advisories/vite--CVE-2025-58751.json
deleted file mode 100644
index 32ed96b9..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-58751.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
- "canonical_id": "vite--CVE-2025-58751",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Vite middleware may serve files starting with the same name with the public directory",
- "summary": "Vite middleware may serve files starting with the same name with the public directory",
- "published_at": "2025-09-09T20:55:56Z",
- "updated_at": "2026-02-04T04:33:22.508417Z",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-58751",
- "https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb",
- "https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d",
- "https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069",
- "https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec",
- "https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-58751",
- "GHSA-g4jq-h2w9-997c"
- ],
- "cve_ids": [
- "CVE-2025-58751"
- ],
- "ghsa_ids": [
- "GHSA-g4jq-h2w9-997c"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=7.1.0, fixed<7.1.5",
- "introduced=7.0.0, fixed<7.0.7",
- "introduced=6.0.0, fixed<6.3.6",
- "introduced=0, fixed<5.4.20"
- ],
- "fixed_versions": [
- "7.1.5",
- "7.0.7",
- "6.3.6",
- "5.4.20"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-58752.json b/08-threat-intel/registry/advisories/vite--CVE-2025-58752.json
deleted file mode 100644
index 95218856..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-58752.json
+++ /dev/null
@@ -1,77 +0,0 @@
-{
- "canonical_id": "vite--CVE-2025-58752",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "Vite's `server.fs` settings were not applied to HTML files",
- "summary": "Vite's `server.fs` settings were not applied to HTML files",
- "published_at": "2025-09-09T20:54:42Z",
- "updated_at": "2026-02-04T04:35:16.287471Z",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-58752",
- "https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f",
- "https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e",
- "https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea",
- "https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6",
- "https://github.com/vitejs/vite",
- "https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md"
- ],
- "aliases": [
- "CVE-2025-58752",
- "GHSA-jqfw-vq24-v9c3"
- ],
- "cve_ids": [
- "CVE-2025-58752"
- ],
- "ghsa_ids": [
- "GHSA-jqfw-vq24-v9c3"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=7.1.0, fixed<7.1.5",
- "introduced=7.0.0, fixed<7.0.7",
- "introduced=6.0.0, fixed<6.3.6",
- "introduced=0, fixed<5.4.20"
- ],
- "fixed_versions": [
- "7.1.5",
- "7.0.7",
- "6.3.6",
- "5.4.20"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary",
- "plugin-extension-trust-policy"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-62522.json b/08-threat-intel/registry/advisories/vite--CVE-2025-62522.json
deleted file mode 100644
index 2eeb7acc..00000000
--- a/08-threat-intel/registry/advisories/vite--CVE-2025-62522.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "canonical_id": "vite--CVE-2025-62522",
- "system_id": "vite",
- "display_name": "Vite",
- "category": "frameworks",
- "advisory_mode": "core",
- "title": "vite allows server.fs.deny bypass via backslash on Windows",
- "summary": "vite allows server.fs.deny bypass via backslash on Windows",
- "published_at": "2025-10-20T19:54:28Z",
- "updated_at": "2026-02-04T04:13:38.886554Z",
- "severity": "medium",
- "cvss_score": null,
- "exploit_status": "unknown",
- "source_confidence": "official",
- "official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7",
- "secondary_source_urls": [
- "https://nvd.nist.gov/vuln/detail/CVE-2025-62522",
- "https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed",
- "https://github.com/vitejs/vite"
- ],
- "aliases": [
- "CVE-2025-62522",
- "GHSA-93m4-6634-74q7"
- ],
- "cve_ids": [
- "CVE-2025-62522"
- ],
- "ghsa_ids": [
- "GHSA-93m4-6634-74q7"
- ],
- "osv_ids": [],
- "affected_versions": [
- "introduced=7.1.0, fixed<7.1.11",
- "introduced=7.0.0, fixed<7.0.8",
- "introduced=6.0.0, fixed<6.4.1",
- "introduced=2.9.18, fixed<5.4.21",
- "introduced=3.2.9, fixed<5.4.21",
- "introduced=4.5.3, fixed<5.4.21",
- "introduced=5.2.6, fixed<5.4.21"
- ],
- "fixed_versions": [
- "7.1.11",
- "7.0.8",
- "6.4.1",
- "5.4.21"
- ],
- "package_name": "vite",
- "render_markdown": true,
- "case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md",
- "secure_code_topics": [
- "dependency-upgrade-policy",
- "file-upload-validation",
- "proxy-trust-boundary"
- ],
- "status": "generated",
- "triage_reasons": [],
- "verification_status": "triage-manual",
- "verification_mode": "synthetic",
- "last_verified_at": null,
- "last_run_id": "",
- "evidence_bundle": null,
- "browser_evidence": {
- "required": false,
- "present": false,
- "refs": []
- },
- "repro_profile_id": "vite-file-upload",
- "artifact_mode": "synthetic",
- "blocked_reason": null,
- "metadata": {
- "source_names": [],
- "source_kinds": [],
- "candidate_count": 1
- }
-}
diff --git a/08-threat-intel/registry/systems/gitea.json b/08-threat-intel/registry/systems/gitea.json
index 388a8fa2..b272cf41 100644
--- a/08-threat-intel/registry/systems/gitea.json
+++ b/08-threat-intel/registry/systems/gitea.json
@@ -3,10 +3,10 @@
"display_name": "Gitea",
"category": "platforms",
"tier": "rolling-24m",
- "total": 30,
- "markdown_cases": 30,
+ "total": 0,
+ "markdown_cases": 0,
"triage_count": 0,
- "latest_update": "2026-03-03T04:57:57.697708Z",
+ "latest_update": "",
"output_dir": "07-framework-security/platforms/gitea",
"secure_code_topics": [
"authz-server-side-recheck",
@@ -16,37 +16,6 @@
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
- "manual_count": 30,
- "items": [
- "gitea--CVE-2026-0798",
- "gitea--CVE-2026-20736",
- "gitea--CVE-2026-20750",
- "gitea--CVE-2026-20800",
- "gitea--CVE-2026-20883",
- "gitea--CVE-2026-20888",
- "gitea--CVE-2026-20897",
- "gitea--CVE-2026-20904",
- "gitea--CVE-2026-20912",
- "gitea--CVE-2025-69413",
- "gitea--CVE-2025-68938",
- "gitea--CVE-2025-68941",
- "gitea--CVE-2025-68942",
- "gitea--CVE-2025-68943",
- "gitea--CVE-2025-68944",
- "gitea--CVE-2025-68945",
- "gitea--CVE-2025-68946",
- "gitea--CVE-2022-42968",
- "gitea--CVE-2021-45330",
- "gitea--CVE-2022-0905",
- "gitea--CVE-2022-1928",
- "gitea--CVE-2022-27313",
- "gitea--CVE-2022-30781",
- "gitea--CVE-2021-29134",
- "gitea--CVE-2021-45331",
- "gitea--CVE-2021-45327",
- "gitea--CVE-2022-38795",
- "gitea--CVE-2022-38183",
- "gitea--CVE-2021-3382",
- "gitea--CVE-2022-1058"
- ]
+ "manual_count": 0,
+ "items": []
}
diff --git a/08-threat-intel/registry/systems/nextjs.json b/08-threat-intel/registry/systems/nextjs.json
index 60d26165..3942b658 100644
--- a/08-threat-intel/registry/systems/nextjs.json
+++ b/08-threat-intel/registry/systems/nextjs.json
@@ -3,10 +3,10 @@
"display_name": "Next.js",
"category": "frameworks",
"tier": "history-full",
- "total": 20,
- "markdown_cases": 20,
+ "total": 5,
+ "markdown_cases": 5,
"triage_count": 0,
- "latest_update": "2026-03-13T22:00:36.554552Z",
+ "latest_update": "2026-03-17T16:31:34.160932Z",
"output_dir": "07-framework-security/frameworks/nextjs",
"secure_code_topics": [
"authz-server-side-recheck",
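Review bot: The `"tier": "history-full"` line is kept while `"total"` drops from 20 to 5 and, in the second hunk of this file, every pre-2026 item (including `nextjs--CVE-2021-43803` and `nextjs--CVE-2020-5284`) is removed — a full-history tier should accumulate advisories, not be replaced by the latest fetch. The report hunk in this same diff lists `nextjs::GitHub Global Advisories::AttributeError`, so this looks like a partial ingest being written over the previous registry rather than a deliberate pruning. The regeneration should either merge new items into the existing `items` list or refuse to overwrite the registry when the source reports an error; at minimum the expected count should be asserted against the previous `total` before the file is rewritten.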
@@ -16,27 +16,12 @@
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
- "manual_count": 20,
+ "manual_count": 5,
"items": [
- "nextjs--CVE-2025-59472",
- "nextjs--CVE-2025-59471",
- "nextjs--GHSA-5j59-xgg2-r9c4",
- "nextjs--GHSA-w37m-7fhw-fmv9",
- "nextjs--GHSA-mwv6-3258-q52c",
- "nextjs--GHSA-9qr9-h5gf-34mp",
- "nextjs--CVE-2025-57752",
- "nextjs--CVE-2025-55173",
- "nextjs--CVE-2025-57822",
- "nextjs--CVE-2025-49826",
- "nextjs--CVE-2025-49005",
- "nextjs--CVE-2025-48068",
- "nextjs--CVE-2025-32421",
- "nextjs--CVE-2025-30218",
- "nextjs--CVE-2024-56332",
- "nextjs--CVE-2024-47831",
- "nextjs--CVE-2024-46982",
- "nextjs--CVE-2021-43803",
- "nextjs--CVE-2021-37699",
- "nextjs--CVE-2020-5284"
+ "nextjs--CVE-2026-29057",
+ "nextjs--CVE-2026-27980",
+ "nextjs--CVE-2026-27979",
+ "nextjs--CVE-2026-27978",
+ "nextjs--CVE-2026-27977"
]
}
diff --git a/08-threat-intel/registry/systems/undici.json b/08-threat-intel/registry/systems/undici.json
index 66d03555..6c08daa8 100644
--- a/08-threat-intel/registry/systems/undici.json
+++ b/08-threat-intel/registry/systems/undici.json
@@ -3,33 +3,18 @@
"display_name": "Undici",
"category": "frameworks",
"tier": "rolling-24m",
- "total": 14,
- "markdown_cases": 14,
+ "total": 0,
+ "markdown_cases": 0,
"triage_count": 0,
- "latest_update": "2026-03-14T09:19:54.772219Z",
+ "latest_update": "",
"output_dir": "07-framework-security/frameworks/undici",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
- "verified_real": 1,
+ "verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
- "manual_count": 13,
- "items": [
- "undici--CVE-2026-1526",
- "undici--CVE-2026-2229",
- "undici--CVE-2026-1527",
- "undici--CVE-2026-2581",
- "undici--CVE-2026-1528",
- "undici--CVE-2026-1525",
- "undici--CVE-2026-22036",
- "undici--CVE-2025-47279",
- "undici--CVE-2025-22150",
- "undici--CVE-2024-30261",
- "undici--CVE-2024-30260",
- "undici--CVE-2023-45143",
- "undici--CVE-2022-31151",
- "undici--CVE-2022-32210"
- ]
+ "manual_count": 0,
+ "items": []
}
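Review bot: `"verified_real"` goes from 1 to 0 and `"items"` becomes empty while `"latest_update"` is blanked, which discards the one real-verified undici record along with all 14 cases; nothing in the hunk marks this as an intentional reset. The companion report hunk records `undici::GitHub Global Advisories::HTTPError`, so the empty registry is most likely the output of a failed fetch being treated as "no advisories". A fetch failure should fail closed — keep the last-good `items`, `verified_real` and `latest_update`, and flag the system as stale — rather than zeroing the registry; `"latest_update": ""` is also a sentinel that downstream consumers comparing timestamps will not handle consistently with the ISO-8601 values used elsewhere.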
diff --git a/08-threat-intel/registry/systems/vite.json b/08-threat-intel/registry/systems/vite.json
index a252d304..9a33ea94 100644
--- a/08-threat-intel/registry/systems/vite.json
+++ b/08-threat-intel/registry/systems/vite.json
@@ -3,10 +3,10 @@
"display_name": "Vite",
"category": "frameworks",
"tier": "history-full",
- "total": 12,
- "markdown_cases": 12,
+ "total": 0,
+ "markdown_cases": 0,
"triage_count": 0,
- "latest_update": "2026-02-04T04:37:24.129476Z",
+ "latest_update": "",
"output_dir": "07-framework-security/frameworks/vite",
"secure_code_topics": [
"dependency-upgrade-policy",
@@ -16,19 +16,6 @@
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
- "manual_count": 12,
- "items": [
- "vite--CVE-2025-62522",
- "vite--CVE-2025-58751",
- "vite--CVE-2025-58752",
- "vite--CVE-2025-46565",
- "vite--CVE-2025-32395",
- "vite--CVE-2025-31486",
- "vite--CVE-2025-31125",
- "vite--CVE-2025-30208",
- "vite--CVE-2025-24010",
- "vite--CVE-2024-45812",
- "vite--CVE-2024-45811",
- "vite--CVE-2024-23331"
- ]
+ "manual_count": 0,
+ "items": []
}
diff --git a/docs/testing-completeness-report.md b/docs/testing-completeness-report.md
index 3ce932be..657ebe47 100644
--- a/docs/testing-completeness-report.md
+++ b/docs/testing-completeness-report.md
@@ -1,20 +1,17 @@
# 全库 Advisory 完整度报告
-- 生成时间: `2026-03-18T14:22:56+00:00`
-- 最新 advisory 完整度: `89/89` `verified-real`
+- 生成时间: `2026-03-18T14:45:55+00:00`
+- 最新 advisory 完整度: `0/5` `verified-real`
- 合成验证数量: `0`
- 阻塞数量: `0`
-- 人工/待补证据数量: `0`
-- 完整度百分比: `100.0%`
+- 人工/待补证据数量: `5`
+- 完整度百分比: `0.0%`
## 系统覆盖矩阵
| 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 |
| --- | ---: | ---: | ---: | ---: | ---: | --- |
-| gitea | 37 | 37 | 0 | 0 | 0 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/26), ssrf(1/1), xss(5/5) |
-| nextjs | 26 | 26 | 0 | 0 | 0 | authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/19), ssrf(2/2), xss(2/2) |
-| undici | 14 | 14 | 0 | 0 | 0 | ssrf(14/14) |
-| vite | 12 | 12 | 0 | 0 | 0 | proxy-boundary(11/11), xss(1/1) |
+| nextjs | 5 | 0 | 0 | 0 | 5 | proxy-boundary(0/4), request-smuggling(0/1) |
## 历史阻塞项修复纪要
@@ -25,12 +22,36 @@
## Ingest / Source 健康度
-- source failures: `5`
+- source failures: `29`
- drupal::Drupal Security Advisories Site::HTTPError
-- django::Django Security RSS::HTTPError
-- haproxy::HAProxy Security Advisories::HTTPError
- discourse::Discourse Meta Security::HTTPError
-- adobe-commerce::Adobe Security Bulletins::SSLError
+- adobe-commerce::Adobe Security Bulletins::ConnectionError
+- react::GitHub Global Advisories::TypeError
+- nextjs::GitHub Global Advisories::AttributeError
+- vue::GitHub Global Advisories::HTTPError
+- nuxt::GitHub Global Advisories::HTTPError
+- vite::GitHub Global Advisories::HTTPError
+- angular::GitHub Global Advisories::HTTPError
+- sveltekit::GitHub Global Advisories::HTTPError
+- astro::GitHub Global Advisories::HTTPError
+- express::GitHub Global Advisories::HTTPError
+- nestjs::GitHub Global Advisories::HTTPError
+- koa::GitHub Global Advisories::HTTPError
+- fastify::GitHub Global Advisories::HTTPError
+- hapi::GitHub Global Advisories::HTTPError
+- undici::GitHub Global Advisories::HTTPError
+- webpack::GitHub Global Advisories::HTTPError
+- esbuild::GitHub Global Advisories::HTTPError
+- spring-framework::GitHub Global Advisories::HTTPError
+- spring-security::GitHub Global Advisories::HTTPError
+- spring-boot::GitHub Global Advisories::HTTPError
+- laravel::GitHub Global Advisories::HTTPError
+- symfony::GitHub Global Advisories::HTTPError
+- django::Django Security RSS::HTTPError
+- flask::GitHub Global Advisories::HTTPError
+- werkzeug::GitHub Global Advisories::HTTPError
+- rails::GitHub Global Advisories::HTTPError
+- haproxy::HAProxy Security Advisories::HTTPError
## 剩余风险说明
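Review bot: The ingest list grows from 5 to 29 failures, with `GitHub Global Advisories::HTTPError` for 24 systems, and the first hunk of this file simultaneously drops the completeness figure from `89/89` to `0/5` — the report is presenting a source outage as a collapse in advisory coverage. When a source fails, the matrix and percentage should be computed over the last successfully ingested snapshot and the affected systems marked as stale, not recomputed over whatever survived the failed run. Consider adding a line such as `- 降级模式: 源获取失败时沿用上次成功快照` alongside `source failures` so readers can tell a real regression from a fetch error, and have the generator abort rather than publish when the failure count exceeds a threshold.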