hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

Refresh rendered dashboard snapshots

浏览代码
这个提交包含在:
hao
2026-03-18 14:18:50 -07:00
父节点 00d828d090
当前提交 9a5f48cdf7
修改 2488 个文件,包含 3071 行新增242002 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

13
07-framework-security/frameworks/angular/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `angular`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `2`
- 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `2`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,5 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Angular vulnerable to XSS in i18n attribute bindings | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T01:31:35.828211Z` | [link](/Users/x/websafe/07-framework-security/frameworks/angular/cases/angular-cve-2026-32635.md) |
| Angular i18n vulnerable to Cross-Site Scripting | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-28T06:24:33.665085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/angular/cases/angular-cve-2026-27970.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/aspnet-core/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `aspnet-core`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `3`
- 近 30 天新增/更新: `3`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -30,6 +30,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2026-26130 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-03-11T13:53:20.707` | - |
| CVE-2020-1045 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-02-23T18:23:07.950` | - |
| CVE-2020-1597 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-02-23T18:25:45.733` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

23
07-framework-security/frameworks/astro/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `astro`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `14`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `14`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `14`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,17 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:27:12.689316Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-66202.md) |
| Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:33:26.119485Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-65019.md) |
| Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:01:27.986221Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64765.md) |
| Astro vulnerable to reflected XSS via the server islands feature | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-20T14:43:59.624508Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64764.md) |
| Astro Development Server has Arbitrary Local File Read | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-20T14:43:59.558170Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64757.md) |
| Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-13T22:46:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64525.md) |
| Astro development server error page is vulnerable to reflected Cross-site Scripting | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:22:31.471739Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64745.md) |
| Astro's bypass of image proxy domain validation leads to SSRF and potential XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-29T14:48:45Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-59837.md) |
| Astro's `X-Forwarded-Host` is reflected without validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-11T00:12:31.565977Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-61925.md) |
| Astro allows unauthorized third-party images in _image endpoint | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:22:36.525875Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-55303.md) |
| Astros's duplicate trailing slash feature leads to an open redirection security issue | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:35:13.558198Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-54793.md) |
| Astro's server source code is exposed to the public if sourcemaps are enabled | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:18:38.026555Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2024-56159.md) |
| Atro CSRF Middleware Bypass (security.checkOrigin) | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:18:05.038082Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2024-56140.md) |
| DOM Clobbering Gadget found in astro's client-side router that leads to XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:16:37.087731Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2024-47885.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

93
07-framework-security/frameworks/django/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `django`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `82`
- 近 30 天新增/更新: `5`
- 重点 Markdown 案例数: `5`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `82`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -33,85 +33,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Django vulnerable to Uncontrolled Resource Consumption | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-06T19:44:13.458245Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2026-25673.md) |
| Django has a Race Condition vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-06T19:44:14.996605Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2026-25674.md) |
| Django has Inefficient Algorithmic Complexity | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:41:06.153879Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2025-14550.md) |
| Django has Inefficient Algorithmic Complexity | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:26:02.134436Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2026-1285.md) |
| XSS in jQuery as used in Drupal, Backdrop CMS, and other products | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T21:56:20.301637Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2019-11358.md) |
| March 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| May 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| April 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Google Summer of Code 2026 with Django | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| June 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Plan to Adopt Contributor Covenant 3 as Django’s New Code of Conduct | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Djangonaut Space - Session 6 Accepting Applications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Django Steering Council 2025 Year in Review | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| May 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| April 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DSF member of the month - Baptiste Mispelon | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 1.10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| June 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Django security releases issued: 6.0.3, 5.2.12, and 4.2.29 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| August 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| April 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| May 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| July 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| August 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DSF member of the month - Theresa Seyram Agbenyegah | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| June 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| July 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Recent trends in the work of the Django Security Team | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 1.8 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Django security releases issued: 6.0.2, 5.2.11, and 4.2.28 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DSF member of the month - Omar Abou Mrad | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 1.11 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| August 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to main content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to main content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| July 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

11
07-framework-security/frameworks/echo/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `echo`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `2`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `2`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -30,5 +30,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Open redirect in github.com/labstack/echo/v4 | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-05-20T16:03:47Z` | [link](/Users/x/websafe/07-framework-security/frameworks/echo/cases/echo-cve-2022-40083.md) |
| Directory traversal on Windows in github.com/labstack/echo/v4 | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-05-20T16:03:47Z` | [link](/Users/x/websafe/07-framework-security/frameworks/echo/cases/echo-cve-2020-36565.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

10
07-framework-security/frameworks/esbuild/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `esbuild`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `1`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `1`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,4 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| esbuild enables any website to send any requests to the development server and read the response | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:50:58.022803Z` | [link](/Users/x/websafe/07-framework-security/frameworks/esbuild/cases/esbuild-ghsa-67mh-4wv8-2f99.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

10
07-framework-security/frameworks/express/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `express`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,4 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2025-67731 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-17T19:40:55.690` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/fastify/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `fastify`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16T03:05:26.332715Z` | [link](/Users/x/websafe/07-framework-security/frameworks/fastify/cases/fastify-cve-2026-3419.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/flask/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `flask`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Flask session does not add `Vary: Cookie` header when accessed in some ways | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23T23:43:45.778179Z` | [link](/Users/x/websafe/07-framework-security/frameworks/flask/cases/flask-cve-2026-27205.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/gin/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `gin`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -30,4 +30,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T10:41:18.820930Z` | [link](/Users/x/websafe/07-framework-security/frameworks/gin/cases/gin-cve-2020-28483.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

10
07-framework-security/frameworks/hapi/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `hapi`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `1`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `1`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Denial of Service in @hapi/hapi | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2020-08-31T19:00:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/hapi/cases/hapi-ghsa-23vw-mhv5-grv5.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/koa/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `koa`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Koa has Host Header Injection via ctx.hostname | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-26T23:36:36.294040Z` | [link](/Users/x/websafe/07-framework-security/frameworks/koa/cases/koa-cve-2026-27959.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

13
07-framework-security/frameworks/laravel/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `laravel`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `2`
- 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `2`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,5 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Laravel Framework XSS in Blade templating engine | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:01:16.767646Z` | [link](/Users/x/websafe/07-framework-security/frameworks/laravel/cases/laravel-cve-2021-43808.md) |
| Query Binding Exploitation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:34.333730Z` | [link](/Users/x/websafe/07-framework-security/frameworks/laravel/cases/laravel-cve-2021-21263.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

11
07-framework-security/frameworks/nestjs/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `nestjs`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `2`
- 近 30 天新增/更新: `2`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,5 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2026-2293 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-02T20:30:10.923` | - |
| CVE-2025-69211 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-02-20T16:58:36.320` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

83
07-framework-security/frameworks/nextjs/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `nextjs`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `66`
- 近 30 天新增/更新: `10`
- 重点 Markdown 案例数: `41`
- 已实证(真实版本): `26`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `40`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,73 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Next.js: HTTP request smuggling in rewrites | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:26.646070Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md) |
| Next.js: Unbounded next/image disk cache growth can exhaust storage | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:33.597080Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md) |
| Next.js: Unbounded postponed resume buffering can lead to DoS | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:34.160932Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md) |
| Next.js: null origin can bypass Server Actions CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:43.484729Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md) |
| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:26.028580Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |
| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) |
| Next Server Actions Source Code Exposure | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) |
| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) |
| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) |
| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) |
| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) |
| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) |
| Next.JS vulnerability can lead to DoS via cache poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) |
| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) |
| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `verified-real` | `real` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `verified-real` | `real` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
| Authorization Bypass in Next.js Middleware | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
| Next.js authorization bypass vulnerability | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
| Denial of Service condition in Next.js image optimization | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
| Next.js Cache Poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
| Next.js Denial of Service (DoS) condition | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-11-06T14:30:33Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-39693.md) |
| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
| Next.js Vulnerable to HTTP Request Smuggling | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-07-09T18:28:18Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34350.md) |
| Next.js missing cache-control header may lead to CDN caching empty reply | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:13:42.231979Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2023-46298.md) |
| Unexpected server crash in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:58.785797Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2022-36046.md) |
| Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:08:26.298810Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2022-23646.md) |
| Denial of Service Vulnerability in next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:08:09.355091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2022-21721.md) |
| Unexpected server crash in Next.js. | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
| XSS in Image Optimization API for Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
| Open Redirect in Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
| Open Redirect in Next.js versions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
| Remote Code Execution in next | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2022-04-28T19:57:43Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5vj8-3v2h-h38v.md) |
| Directory Traversal in Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |
| Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:00:05.061101Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2018-18282.md) |
| Directory traversal vulnerability in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:00:21.025418Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2018-6184.md) |
| Next.js Directory Traversal Vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-22T19:49:35Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2017-16877.md) |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service in Partial Pre Rendering | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service with Server Components - Incomplete Fix Follow-Up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| next.js | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| null origin can bypass Server Actions CSRF checks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
36 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Server Actions Source Code Exposure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
138k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service with Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service in Image Optimizer | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unbounded next/image disk cache growth can exhaust storage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| null origin can bypass dev HMR websocket CSRF checks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HTTP request smuggling in rewrites | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
1.4k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unbounded postponed resume buffering can lead to DoS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
2.1k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

15
07-framework-security/frameworks/nodejs/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `nodejs`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `8`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `8`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,11 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-21` | - |
| System Information Library for Node.JS Command Injection | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2022-02-01` | - |
| Tuesday, January 13, 2026 Security Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenSSL Security Advisory Assessment, January 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| New security releases to be made available Tuesday, March 24, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wednesday, May 14, 2025 Security Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tuesday, July 15, 2025 Security Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

41
07-framework-security/frameworks/nuxt/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `nuxt`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `28`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `5`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `28`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,35 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-18T13:04:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2025-59414.md) |
| Nuxt allows DOS via cache poisoning with payload rendering response | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-03-20T19:31:04Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2025-27415.md) |
| Nuxt vulnerable to remote code execution via the browser when running the test locally | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-11-18T16:27:00Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2024-34344.md) |
| nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-05-15T21:26:45Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2024-34343.md) |
| nuxt Code Injection vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-11-18T16:26:30Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2023-3224.md) |
| Opening a malicious website while running a Nuxt dev server could allow read-only access to code | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS in navigateTo if used after SSR | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Remote code execution via the browser when running e2e tests locally | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Opening a malicious website while running a Nuxt dev server could allow read-only access to code | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Path Traversal: '../filedir' in Nuxt Devtools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
788 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Models | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Client-Side Path Traversal in Nuxt Island Payload Revival | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
118 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| nuxt | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| nuxt | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DOS via cache poisoning with payload rendering response | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
59.9k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

51
07-framework-security/frameworks/rails/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `rails`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `42`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `10`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `42`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,45 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Rails has possible XSS Vulnerability in Action Controller | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-12-20T10:42:26.578616Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2024-26143.md) |
| Ruby on Rails vulnerable to code injection | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-03T14:58:34.698394Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2006-4111.md) |
| Rails Denial of Service vulnerability | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-03T15:46:47.783301Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2006-4112.md) |
| Moderate severity vulnerability that affects rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T15:30:21.670801Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-3227.md) |
| Moderate severity vulnerability that affects rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-05-01T18:49:06.777708Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-5379.md) |
| Session fixation vulnerability in Rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T15:30:02.622007Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-5380.md) |
| session fixation protection mechanism in cgi_process.rb in Rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T15:55:51.425352Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-6077.md) |
| rails is vulnerable to CRLF injection | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T17:02:22.936736Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2008-5189.md) |
| Moderate severity vulnerability that affects rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T20:05:53.148849Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2009-4214.md) |
| Rails vulnerable to Cross-site Scripting | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-12-08T05:43:59.579843Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2014-0081.md) |
| CVE-2013-0156 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2013-0155 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-6497 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-6496 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3465 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3464 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3463 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3424 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2695 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2694 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2661 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2660 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-1099 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-1098 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-4319 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-3187 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-3186 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2932 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2931 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2930 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2929 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2197 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0449 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0448 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0447 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0446 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-3933 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2008-7248 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-3086 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-3009 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-2422 | `critical` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-4094 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

34
07-framework-security/frameworks/react/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `react`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `21`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `3`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `21`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,28 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Cross-Site Scripting in react | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T03:57:27.158332Z` | [link](/Users/x/websafe/07-framework-security/frameworks/react/cases/react-cve-2013-7035.md) |
| Cross-Site Scripting in react | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2021-10-01T20:15:16Z` | [link](/Users/x/websafe/07-framework-security/frameworks/react/cases/react-ghsa-hg79-j56m-fxgv.md) |
| Cross-Site Scripting in react-dom | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:00:21.209483Z` | [link](/Users/x/websafe/07-framework-security/frameworks/react/cases/react-cve-2018-6341.md) |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
810 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Source Code Exposure Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Critical Security Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| react | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
371 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service Vulnerabilities in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
244k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Models | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

13
07-framework-security/frameworks/spring-boot/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `spring-boot`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `2`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,5 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-13T21:59:19.426456Z` | [link](/Users/x/websafe/07-framework-security/frameworks/spring-boot/cases/spring-boot-cve-2022-27772.md) |
| Spring Boot | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

18
07-framework-security/frameworks/spring-framework/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `spring-framework`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `11`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `11`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,14 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2025-41254: Spring Framework STOMP CSRF Vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41249: Spring Framework Annotation Detection Vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2026-22718: Command injection on user machine using VSCode extension for Spring CLI | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41253: Using Spring Expression Language To Expose Environment Variables and System Properties | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41243: Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Spring Framework | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

10
07-framework-security/frameworks/spring-security/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `spring-security`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `3`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,6 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Spring Security Advisories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Spring Security | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

14
07-framework-security/frameworks/sveltekit/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `sveltekit`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `3`
- 近 30 天新增/更新: `3`
- 重点 Markdown 案例数: `3`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,6 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only) | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-28T06:27:26.115188Z` | [link](/Users/x/websafe/07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-fpg4-jhqr-589c.md) |
| CPU exhaustion in SvelteKit remote form deserialization (experimental only) | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:23:11.893790Z` | [link](/Users/x/websafe/07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-88qp-p4qg-rqm6.md) |
| Memory exhaustion in SvelteKit remote form deserialization (experimental only) | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:25:49.392878Z` | [link](/Users/x/websafe/07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-vrhm-gvg7-fpcf.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

20
07-framework-security/frameworks/symfony/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `symfony`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `9`
- 近 30 天新增/更新: `9`
- 重点 Markdown 案例数: `9`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `9`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,12 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CSV Injection in symfony/serializer | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T21:59:52.395727Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41270.md) |
| Cookie persistence after password changes in symfony/security-bundle | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:23.582059Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41268.md) |
| Webcache Poisoning in symfony/http-kernel | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:11.423907Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41267.md) |
| Authentication granted to all firewalls instead of just one | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:01:16.333089Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-32693.md) |
| Prevent user enumeration using Guard or the new Authenticator-based Security | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:16:14.858636Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-21424.md) |
| RCE in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:38.594283Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-15094.md) |
| Firewall configured with unanimous strategy was not actually unanimous in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:16:03.504887Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5275.md) |
| Exceptions displayed in non-debug configurations in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:59.230149Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5274.md) |
| Prevent cache poisoning via a Response Content-Type header in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:01:08.748385Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5255.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

29
07-framework-security/frameworks/undici/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `undici`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `16`
- 近 30 天新增/更新: `7`
- 重点 Markdown 案例数: `15`
- 已实证(真实版本): `7`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `9`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,19 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `high` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `high` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
| Undici has CRLF Injection in undici via `upgrade` option | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `high` | `generated` | `verified-real` | `real` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
| Undici has an HTTP Request/Response Smuggling issue | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
| CVE-2026-21636 | `critical` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-01-30T20:20:56.843` | - |
| Undici vulnerable to data leak when using response.arrayBuffer() | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-07-09T13:57:47.271493Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-38372.md) |
| Undici proxy-authorization header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-05-02T13:15:07Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-24758.md) |
| fetch(url) leads to a memory leak in undici | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-19T09:30:47Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-24750.md) |
| CRLF Injection in Nodejs ‘undici’ via host | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-12-16T15:26:50.318903Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-23936.md) |
| Regular Expression Denial of Service in Headers | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:11:48.635999Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-24807.md) |
| Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:53.836338Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-35948.md) |
| `undici.request` vulnerable to SSRF using absolute URL on `pathname` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:53.898548Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-35949.md) |
| undici before v5.8.0 vulnerable to CRLF injection in request headers | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:27.728154Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31150.md) |
| ProxyAgent vulnerable to MITM | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

57
07-framework-security/frameworks/vite/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `vite`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `42`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `16`
- 已实证(真实版本): `12`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `30`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,49 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
| Vite's `server.fs.deny` did not deny requests for patterns with directories. | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-05T01:28:39.527659Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-31207.md) |
| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
| Vite XSS vulnerability in `server.transformIndexHtml` via URL payload | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-12-06T00:11:36.913866Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2023-49293.md) |
| Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-08-09T19:14:57Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2023-34092.md) |
| Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-09-23T19:18:33Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2022-35204.md) |
| Pull requests
191 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Any websites were able to send any requests to the development server and read the response | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
15 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs.deny` bypassed with `\` on Windows | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| vitejs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
79.1k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Files starting with the same name with the public directory were served | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs.deny` bypassed with `/.` for files under project `root` | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
478 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| vite | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs.deny` bypassed with `.svg` or relative paths | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs.deny` bypassed with an invalid `request-target` | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs` settings was not applied to HTML files | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| server.fs.deny bypassed when using `?raw??` | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

28
07-framework-security/frameworks/vue/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `vue`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `15`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `1`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `15`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,22 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-10-24T19:12:14.925352Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vue/cases/vue-cve-2024-9506.md) |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
350 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
53.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| core | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
642 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| vuejs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| security@vuejs.org | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

10
07-framework-security/frameworks/webpack/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `webpack`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,4 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2026-27903 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-02-27T17:21:22.370` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/werkzeug/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `werkzeug`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Werkzeug safe_join() allows Windows special device names | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23T23:43:27.690386Z` | [link](/Users/x/websafe/07-framework-security/frameworks/werkzeug/cases/werkzeug-cve-2026-27199.md) |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |