Update: 103 files - 2026-03-18 19:24:37

This commit is contained in:
hao
2026-03-18 19:24:37 -07:00
Parent 8e13fcfbe0
Commit 9b0d72b112
103 changed files with 8985 additions and 1381 deletions

View File

@@ -5,14 +5,14 @@
- 系统 ID: `directus`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `29`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `29`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
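
Review bot: The new `总案例数: 29` counts every scraped row, including GitHub page chrome, so it and `待人工/缺浏览器证据: 29` both overstate the triage backlog. The case table for this system lists 29 rows, but only about ten are advisory titles (for example `Open redirect in SAML`); the rest are entries such as `Skip to content` and `Sign in`. Compute both counters after the non-advisory rows have been filtered out.
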
@@ -31,4 +31,35 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Open redirect in SAML | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper Permission Handling on Deleted Fields in Directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Conceal fields are searchable if read permissions enabled | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Information Leakage: Existing Collections | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User Enumeration via Password Reset Timing Attack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
344 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
46 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Store XSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Missing permission checks for manual trigger Flows | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
40 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthenticated file upload and file modification due to lacking input sanitization | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| S3 assets become unavailable after a burst of malformed transformations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Directus version number disclosure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
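
Review bot: Navigation text from the GitHub advisories page is ingested as cases in this table: rows titled `Skip to content`, `Sign in`, `Sign up`, `Notifications`, `Actions`, `Insights`, and bare counters such as `5` and `3` are not advisories. Titles such as `Issues` / `344` also carry an embedded newline, which splits the row across two lines and breaks the Markdown table. Restrict extraction to advisory entries, collapse whitespace in titles before rendering, and de-duplicate (`directus` appears twice). The genuine advisory rows still have an empty 更新时间 and `unknown` severity, so there is nothing to sort or prioritise on until those fields are populated.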

View File

@@ -5,14 +5,14 @@
- 系统 ID: `discourse`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `30`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `30`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -34,4 +34,33 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| 3.5.0.beta5: Improved admin search, AI forum research, easier site appearance configuration, and simpler plugin development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 May 2025 05:22:52 +0000` | - |
| 3.4.4: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 May 2025 05:22:48 +0000` | - |
| January 2026 Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 Jan 2026 17:35:34 +0000` | - |
| Release v2025.11.0: AI translations improvements, chat search, new review queue, and improvements for posts with images | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Nov 2025 11:02:53 +0000` | - |
| 3.4.2: Security and bug fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Mar 2025 02:46:36 +0000` | - |
| 3.5.0.beta2: Review Queue, Welcome Banner, Admin Interface, and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Mar 2025 02:46:32 +0000` | - |
| 3.4.6: Security fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 25 Jun 2025 03:38:49 +0000` | - |
| 3.5.0.beta7: Smart link editing, better invite tracking, unique icons, and fixing name management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 25 Jun 2025 03:38:45 +0000` | - |
| 3.4.0.beta4: Redesigned emojis, exporting user data, flagging illegal content and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 05 Feb 2025 14:26:56 +0000` | - |
| 3.3.4: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 05 Feb 2025 14:26:22 +0000` | - |
| 3.5.1: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Sep 2025 02:59:22 +0000` | - |
| 3.6.0.beta1: Color palette editing, user fields on sign up, themeable site setting discovery, images with Google AI, and reliable drafts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Sep 2025 02:59:19 +0000` | - |
| Release v3.5.3: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:07:18 +0000` | - |
| Release v2025.11.1: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:07:04 +0000` | - |
| Release v2025.12.0: Discourse Rewind, new review queue and UI to create tags, Chat channel customisation, and live PR statuses | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:06:45 +0000` | - |
| 3.4.7: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Jul 2025 03:46:36 +0000` | - |
| 3.5.0.beta8: Bundled plugins, a new theme, better color management, powerful filtering, and advanced image controls | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Jul 2025 03:46:34 +0000` | - |
| 3.4.3: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Apr 2025 04:43:02 +0000` | - |
| 3.5.0beta3: Full admin search, better font selection, more robust site search, category personalization, and easier configuration management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Apr 2025 04:43:00 +0000` | - |
| 3.5.2: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 28 Oct 2025 07:33:40 +0000` | - |
| 3.6.0.beta2: Built-in palette editing, live AI translation progress, and better wiki tracking | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 28 Oct 2025 07:33:37 +0000` | - |
| 3.5.0: Major release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 19 Aug 2025 08:07:12 +0000` | - |
| 3.5.0.beta9: Improving color management, core welcome banner, and staff action log filters | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 19 Aug 2025 08:07:02 +0000` | - |
| 3.4.0: Major Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 04 Feb 2025 17:07:48 +0000` | - |
| 3.4.0.beta3: Check for updates on What’s New page, filter by user in the review queue, threading in Chat DMs and group chats, and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 19 Dec 2024 16:53:54 +0000` | - |
| 3.4.1: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 24 Feb 2025 05:42:05 +0000` | - |
| 3.5.0.beta1: Dark/light mode selector, better flagging info, and encouraging more valuable conversations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 24 Feb 2025 05:42:02 +0000` | - |
| 3.5.0.beta6 Security fixes release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 09 Jun 2025 05:30:17 +0000` | - |
| 3.4.5 Security fixes release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 09 Jun 2025 03:57:43 +0000` | - |
| 3.5.0.beta4 Security fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 05 May 2025 17:04:14 +0000` | - |
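
Review bot: Rows are ordered by the raw date string rather than by time: the list runs `Wed`, then `Tue`, `Thu`, `Mon`, and `Wed, 28 May 2025` sits above `Wed, 28 Jan 2026`. Parse 更新时间 into a timestamp before sorting and store it in one normalised format. Separately, this is the release feed, not an advisory feed: entries such as `3.4.4: Bug fix and UX release` and `3.5.0: Major release` announce no security fix, yet they are counted as cases in `triage`. Keep only releases that announce security fixes, or link each case to an individual advisory so one release with several fixes is not collapsed into one row.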

View File

@@ -5,14 +5,14 @@
- 系统 ID: `drupal`
- 分类: `cms`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `70`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `70`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
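
Review bot: `总案例数: 70` under `覆盖策略: history-full` does not look like full history. The case table for this system holds 20 SA-CORE advisories dated 2023 to 2025 plus exactly 50 NVD entries, all of them CVE-2002 through CVE-2007, with nothing in between. That pattern suggests the NVD keyword query is read oldest-first and stops after a fixed number of results. Page through the whole result set, or document the cap, before presenting this number as the total.
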
@@ -26,11 +26,79 @@
- `official` [Drupal Security Advisories RSS](https://www.drupal.org/security/rss.xml) (mode=core)
- `official` [NVD Drupal](https://nvd.nist.gov/vuln/search) (keyword=Drupal; mode=core)
- `ecosystem-authority` [Drupal Security Advisories Site](https://www.drupal.org/security) (mode=module)
- `ecosystem-authority` [GHSA Drupal Core](https://github.com/advisories) (ecosystem=composer; mode=core)
- `ecosystem-authority` [OSV Drupal](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Drupal core - Critical - Cache poisoning - SA-CORE-2023-006 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Sep 2023 16:23:05 +0000` | - |
| Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:29:59 +0000` | - |
| Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:27:28 +0000` | - |
| Drupal core - Less critical - Gadget chain - SA-CORE-2024-006 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:25:47 +0000` | - |
| Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:24:02 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:21:58 +0000` | - |
| Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:20:16 +0000` | - |
| Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Mar 2025 18:54:35 +0000` | - |
| Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Feb 2025 17:03:28 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Feb 2025 16:58:10 +0000` | - |
| Drupal core - Critical - Cross site scripting - SA-CORE-2025-001 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Feb 2025 16:49:28 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Apr 2023 17:06:18 +0000` | - |
| Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 17 Jan 2024 17:04:39 +0000` | - |
| Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 16 Oct 2024 16:27:27 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 15 Mar 2023 16:26:24 +0000` | - |
| Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 15 Mar 2023 16:24:29 +0000` | - |
| Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 20:16:22 +0000` | - |
| Drupal core - Moderately critical - Defacement - SA-CORE-2025-007 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 20:16:21 +0000` | - |
| Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 18:34:02 +0000` | - |
| Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 18:33:05 +0000` | - |
| CVE-2007-0505 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0506 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0136 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0124 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6646 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6647 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6528 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6529 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6530 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6531 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6386 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5608 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5475 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5476 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5477 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-4947 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4949 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4821 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4717 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4646 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4355 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4356 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4360 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4120 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4107 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4108 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4109 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4002 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3570 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3473 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2831 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2832 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2833 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2742 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2743 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2260 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1225 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1226 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1227 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1228 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0070 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3973 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3974 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3975 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2498 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1921 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2106 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1871 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0682 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-1806 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
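
Review bot: The SA-CORE rows leave 严重度 as `unknown` although each title already states the rating (`Critical`, `Moderately critical`, `Less critical`); take it from the title or the feed so the column is usable for triage. 更新时间 also mixes RFC 822 strings with ISO 8601 timestamps, and the row order follows the raw string (`Wed, 20 Sep 2023` is listed above `Wed, 19 Mar 2025`), so normalise to one format and sort on the parsed time. The NVD rows all share one of two timestamps from April 2025, which cannot be the publication date of a 2006 CVE; label that column as last-modified or add the publication date.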

View File

@@ -5,14 +5,14 @@
- 系统 ID: `ghost`
- 分类: `cms`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `23`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `23`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -26,9 +26,35 @@
- `official` [Ghost GitHub Advisories](https://github.com/TryGhost/Ghost/security/advisories) (mode=core)
- `official` [NVD Ghost](https://nvd.nist.gov/vuln/search) (keyword=Ghost CMS; mode=core)
- `ecosystem-authority` [OSV Ghost](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Issues
63 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Incomplete CSRF protections around OTC use | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SQL Injection in Members Activity Feed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SQL injection in Content API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| TryGhost | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SSRF via External Media Inliner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
307 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper authentication allows access to member information and actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Staff 2FA bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS via malicious Portal preview links | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Staff Token permission bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Ghost | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
18 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Remote Code Execution via Malicious Themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SSRF via oEmbed Bookmark | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
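
Review bot: More than half of these 23 rows are page chrome from github.com rather than advisories (`Sign in`, `Sign up`, `TryGhost`, `Ghost`, `Skip to content`, `Policy`, `Pull requests` / `307`), and the multi-line titles break the table layout. It looks as if every link text on the listing page is being collected. Since the source is the repository's advisories listing, select only entries that point at an individual advisory and read severity and publish date from that entry; the ten real titles here (for example `Staff 2FA bypass`) currently carry `unknown` severity and an empty 更新时间.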

View File

@@ -5,14 +5,14 @@
- 系统 ID: `joomla`
- 分类: `cms`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `100`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `100`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -26,9 +26,109 @@
- `official` [Joomla Security Centre](https://developer.joomla.org/security-centre.html) (mode=core)
- `official` [NVD Joomla](https://nvd.nist.gov/vuln/search) (keyword=Joomla; mode=core)
- `ecosystem-authority` [OSV Joomla](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2006-4553 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4556 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4466 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4468 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4469 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4470 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4471 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4472 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4473 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4474 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4475 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4476 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4378 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4348 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4320 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4282 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4263 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4269 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4242 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4229 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4129 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4130 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4074 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3990 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3995 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3969 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3970 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3773 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3774 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3750 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3530 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3480 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3481 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2960 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2815 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1956 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1957 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1047 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1048 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1049 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1027 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1028 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1029 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1030 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0303 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0114 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4650 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3771 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3772 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3773 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| API Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Joomla! Framework | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20260101] - Core - Inadequate content filtering for data URLs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Joomla Home | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tracker | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Project Roadmap | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer Network | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20250902] - Core - User-Enumeration in passkey authentication method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer Network™ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Forum | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| What is Joomla? | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sponsor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Community Portal | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User Groups | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contribute | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Framework | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CMS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The Joomla Foundation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20250901] - Core - Inadequate content filtering within the checkAttribute filter code | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Trademark & Licensing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Site Showcase | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Languages | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Benefits & Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Service Providers Directory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Announcements | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20250401] - Framework - SQL injection vulnerability in quoteNameStr method of Database package | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issue Tracker | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Downloads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Project & Leadership | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Extensions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Centre | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RSS reader. | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Certification | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Blogs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Shop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get a domain | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Volunteers Portal | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Magazine | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vulnerable Extensions List | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get a free site | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Training | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Joomla! Security Centre | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
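Review bot: most rows added to this table are the Joomla site's navigation links rather than advisories (`Joomla Home`, `Tracker`, `Shop`, `Get a domain`, `Developer Network` next to `Developer Network™`), so the case count for this system is inflated by page chrome. The advisory rows visible here all have titles of the form `[NNNNNNNN] - Core - …` or `[NNNNNNNN] - Framework - …`; filtering ingested titles on that pattern, or scoping the scraper to the advisory list element, would drop the noise. The 更新时间 column is also empty for every row, so the entries cannot be sorted or aged from this table.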

View file

@@ -5,14 +5,14 @@
- 系统 ID: `mediawiki`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `70`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `70`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
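Review bot: `近 30 天新增/更新` stays at `0` while `总案例数` goes from `0` to `70` in the same render. If the field counts by ingestion time it should read `70` here; if it counts by the upstream update timestamp, say so in the label so the two numbers are not read as contradictory.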
@@ -27,9 +27,79 @@
- `official` [MediaWiki Security Releases](https://www.mediawiki.org/wiki/Security) (mode=core)
- `official` [MediaWiki Announce RSS](https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/feed/) (mode=core)
- `official` [NVD MediaWiki](https://nvd.nist.gov/vuln/search) (keyword=MediaWiki; mode=core)
- `ecosystem-authority` [OSV MediaWiki](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 22 Oct 2025 21:44:43 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 10 Dec 2025 22:22:38 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.13/1.42.7/1.43.2) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 09 Jul 2025 16:53:41 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.12 / 1.42.6 / 1.43.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 09 Apr 2025 20:57:04 +0000` | - |
| [MediaWiki-announce] Re: MediaWiki 1.44-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 07 May 2025 07:47:35 +0000` | - |
| [MediaWiki-announce] Announcing MediaWiki 1.44.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 02 Jul 2025 21:30:40 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.14 / 1.43.4 / 1.44.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 01 Oct 2025 20:33:01 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.39.17 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 16 Dec 2025 18:21:00 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.11/1.41.5/1.42.4) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 14 Jan 2025 19:41:18 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45-alpha will be branched as a beta on 28-10-2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 07 Oct 2025 15:18:36 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.44-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 06 May 2025 19:13:18 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 04 Nov 2025 13:27:41 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.43.3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 01 Jul 2025 15:18:58 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45.0-rc.0 is ready for testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 20 Nov 2025 13:30:34 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.12 / 1.42.6 / 1.43.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 10 Apr 2025 16:23:30 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.14 / 1.43.4 / 1.44.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 02 Oct 2025 17:37:08 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.41 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Sat, 21 Dec 2024 10:46:44 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.42 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 30 Jun 2025 23:15:16 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.13 / 1.42.7 / 1.43.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 30 Jun 2025 18:02:30 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.39 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 29 Dec 2025 20:36:35 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 08 Dec 2025 23:43:45 +0000` | - |
| [MediaWiki-announce] Announcing MediaWiki 1.45.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 08 Dec 2025 17:01:47 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.42.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 03 Feb 2025 17:39:30 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.13 / 1.42.7 / 1.43.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 27 Jun 2025 22:25:47 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.39.11, 1.41.5 and 1.42.4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 20 Dec 2024 17:57:58 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.12/1.42.6/1.43.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 20:47:11 +0000` | - |
| [MediaWiki-announce] Re: The Recent MediaWiki Extensions and Skins Security Release Supplement | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 20:34:58 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.9/1.41.3/1.42.2) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 16:56:23 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.16/1.43.6/1.44.3/1.45.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 09 Jan 2026 17:54:29 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.15 / 1.43.5 / 1.44.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 03 Oct 2025 18:45:04 +0000` | - |
| CVE-2010-1190 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-1189 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2009-4589 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-0737 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5688 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5687 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5252 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5250 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5249 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-4408 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-1318 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-0460 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-4883 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-4828 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1054 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1055 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0894 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0788 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0177 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-2895 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2611 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1498 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0322 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4501 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4031 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3165 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3166 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3167 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2396 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2215 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1888 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0534 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0536 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1245 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0535 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1405 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2152 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2185 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2186 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2187 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
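Review bot: the mailing-list rows include items that are not security advisories, for example `MediaWiki 1.44-beta has been branched`, `Announcing MediaWiki 1.44.0`, `MediaWiki 1.41 is End of Life` and the `Maintenance release: …` entries. A single security release can also appear as three separate cases (pre-release announcement, release, extensions and skins supplement). Filter the announce feed on security-release titles and fold the pre-release notice into the release entry. Separately, the NVD rows are CVE-2004 through CVE-2010 ids under a `rolling-24m` policy; their 更新时间 values are 2025-04 timestamps, so the window appears to be applied to the record's last-modified time rather than its publication date.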

View file

@@ -5,14 +5,14 @@
- 系统 ID: `moodle`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `40`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `40`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -26,9 +26,49 @@
- `official` [Moodle Security News](https://moodle.org/security/) (mode=core)
- `official` [NVD Moodle](https://nvd.nist.gov/vuln/search) (keyword=Moodle; mode=core)
- `ecosystem-authority` [OSV Moodle](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2008-3325 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-1502 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-0123 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-6538 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-3555 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1647 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1429 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-7048 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6625 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6626 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5219 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-4935 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4936 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4937 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4938 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4939 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4940 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4941 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4942 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4943 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4784 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4785 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4786 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3951 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0146 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0147 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3648 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3649 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2247 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1424 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1425 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2232 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2233 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2234 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2235 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2236 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2237 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1711 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-0725 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1978 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
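Review bot: all 40 rows added here are CVE-2004 to CVE-2008 ids, and they share just two 更新时间 values (`2025-04-09T00:30:58.490` and `2025-04-03T01:03:51.193`), which looks like a bulk metadata refresh on the NVD side rather than 40 recent changes. With 覆盖策略 set to `rolling-24m`, select on publication date so that a refresh does not pull two-decade-old records into the window. No row is recognisably from the `Moodle Security News` source listed above, so that fetcher is worth checking as well.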

View file

@@ -5,14 +5,14 @@
- 系统 ID: `strapi`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `26`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `26`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,33 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
16 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
214 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthorized Access to Private Fields via parms.lookup | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Weak Password Length Validation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Server - Side Request Forgery in Webhook function | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Leaking data via relations via the Admin Panel | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3rd party token leak and authentication bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial-of-Service via Improper Exception Handling | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
71.6k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthorized Access to Private Fields in User Registration API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
573 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Leaking sensitive user information, user reset password, tokens via content-manager views | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Field level permissions not being respected in relationship title | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| strapi | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CORS Misconfiguration Leads to Sensitive Data Exposure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| strapi | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
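Review bot: the table ingests GitHub page chrome as cases: `Skip to content`, `Sign in`, `Sign up`, `Actions`, `Projects`, `Next`, `Report a vulnerability`, and `strapi` twice. The counter labels (`Security` / `16`, `Pull requests` / `214`, `Star` / `71.6k`, `Issues` / `573`) carry an embedded newline in the title, which splits each of those rows across two lines and breaks the Markdown table. Restrict extraction to the advisory list entries, collapse whitespace in titles before rendering, and dedupe on title; as it stands only 10 of the 26 counted rows read as advisory titles.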

View file

@@ -5,14 +5,14 @@
- 系统 ID: `wordpress`
- 分类: `cms`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `140`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `140`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -24,7 +24,7 @@
## 来源
- `official` [WordPress Security News](https://wordpress.org/news/category/security/) (mode=core)
- `official` [WordPress Security News RSS](https://wordpress.org/news/category/security/feed/) (mode=core)
- `official` [NVD WordPress](https://nvd.nist.gov/vuln/search) (keyword=WordPress; mode=core)
- `ecosystem-authority` [Wordfence Vulnerability Database](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/) (mode=plugin)
- `ecosystem-authority` [Patchstack Database](https://patchstack.com/database/) (mode=plugin)
@@ -35,4 +35,143 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2007-1893 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1894 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1732 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1622 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1599 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1409 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1277 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1244 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1230 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1049 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0539 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0540 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0541 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0262 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0233 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0106 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0107 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0109 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6863 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6808 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6016 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6017 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5705 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-4743 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4208 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4028 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3389 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3390 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2702 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2667 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1796 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1263 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1012 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0985 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0986 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0733 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4463 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3330 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2612 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1921 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2107 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2108 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2109 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2110 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1810 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1687 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1688 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1102 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1559 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1584 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| Interviews | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Forums | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Swag Store ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Booster for WooCommerce < 7.11.3 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Blocks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wicked Folders <= 4.1.0 Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Manage subscriptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How to Install WPScan | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Stats WordPress stats | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Modern Events Calendar <= 7.29.0 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Gutenberg ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Showcase | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WordPress.org | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Education | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Education | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Submit vulnerabilities | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| CLI scanner | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Patterns | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Design | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Writeprint Stylometry <= 0.1 Reflected Cross-Site Scripting via 'p' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Hosting | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CLI Scanner | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| General | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WowStore <= 4.4.3 WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Disclosure policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Five for the Future | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Unpatched Vulnerability in TI WooCommerce Wishlist Plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Jannah <= 7.6.3 Local File Inclusion vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Month in WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report this content | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Contextual Related Posts < 4.2.2 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Log in now. | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Awards | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| All Posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Enterprise | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WordPress.tv ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CR]Paid Link Manager <= 0.5 Reflected Cross-Site Scripting vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WP User Frontend <= 4.2.8 Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Duplicate Post <= 4.5 Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Pricing | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Object Injection vulnerability fixed in SEOPress 7.9 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Unauthorized Plugin Installation/Activation in Hunk Companion | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| View site in Reader | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Unauthenticated Privilege Escalation in Profile-Builder plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| New Malware Campaign Targets WP-Automatic Plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| NEX-Forms <= 9.1.9 WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Make WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Photo Directory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| NEX-Forms <= 9.1.9 WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Job Board ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Thim Elementor Kit <= 1.3.7 Missing Authorization to Unauthenticated Private Course Disclosure vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Meta | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Our Stats | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Managed VDP New | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Community | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vulnerability statistics | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Whitepaper 2026 New | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WP EasyPay <= 4.2.11 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Master Addons for Elementor <= 2.1.3 Cross Site Scripting (XSS) vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WP Go Maps <= 10.0.05 Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WordPress plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Software vendors | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Enterprise Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| LearnPress &#8211; Sepay Payment <= 4.0.0 Broken Authentication vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| The 10 Best Vulnerability Scanners for Effective Web Security | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Flexmls® IDX <= 3.15.9 Reflected Cross Site Scripting (XSS) vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Learn WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Royal Elementor Addons <= 1.7.1049 WordPress Royal Addons for Elementor - Addons and Templates Kit for Elementor plugin <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
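Review bot: Many of the rows added to this table are site navigation links rather than advisories, for example `Interviews`, `Forums`, `Swag Store ↗`, `Skip to content`, `Log in now.`, `Sign up` and `Pricing`, and each one is recorded as a `triage` case with `official` or `ecosystem-authority` source confidence. The collector should drop link text that carries no advisory identifier or affected-version constraint before rows are written, and de-duplicate what remains: `Documentation`, `Education`, `News` and `Events` each appear twice here. Titles also need normalizing, since `LearnPress &#8211; Sepay Payment` still contains an undecoded HTML entity and the `WowStore <= 4.4.3` and `NEX-Forms <= 9.1.9` rows repeat the product name and version inside the title. Every row has `unknown` severity and an empty update time, so the table cannot be sorted or prioritized until those fields are populated.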

View file

@@ -5,14 +5,14 @@
- 系统 ID: `adobe-commerce`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `81`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `81`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
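Review bot: `总案例数` and `待人工/缺浏览器证据` both move from `0` to `81`, which equals the raw number of rows the next hunk adds to the table, including the scraped `Back to top` link. Compute these counters after non-advisory rows are filtered out, otherwise the manual-review backlog is overstated. If `近 30 天新增/更新` is meant to reflect ingestion into this tracker rather than the upstream modification date, it should not stay at `0` in the commit that adds every case; the field needs a stated definition either way.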
@@ -34,4 +34,84 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2024-20759 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-11T15:59:16.957` | - |
| CVE-2024-20758 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-16T14:53:40.187` | - |
| CVE-2024-20720 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:53:01.000` | - |
| CVE-2024-20719 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:53:00.843` | - |
| CVE-2024-20718 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:53:00.647` | - |
| CVE-2024-20717 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:52:59.233` | - |
| CVE-2024-20716 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:52:59.103` | - |
| CVE-2023-38251 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:11.070` | - |
| CVE-2023-38250 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:10.920` | - |
| CVE-2023-38249 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:10.773` | - |
| CVE-2023-38221 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:07.010` | - |
| CVE-2023-38220 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:06.863` | - |
| CVE-2023-38219 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:06.720` | - |
| CVE-2023-38218 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:06.583` | - |
| CVE-2023-26367 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:51:12.530` | - |
| CVE-2023-26366 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:51:12.390` | - |
| CVE-2022-24093 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:49:47.413` | - |
| CVE-2023-38209 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:05.447` | - |
| CVE-2023-38208 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:05.317` | - |
| CVE-2023-38207 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:05.193` | - |
| CVE-2023-29297 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:49.170` | - |
| CVE-2023-29296 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:49.063` | - |
| CVE-2023-29295 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.960` | - |
| CVE-2023-29294 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.850` | - |
| CVE-2023-29293 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.747` | - |
| CVE-2023-29292 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.640` | - |
| CVE-2023-29291 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.530` | - |
| CVE-2023-29290 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.423` | - |
| CVE-2023-29289 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.313` | - |
| CVE-2023-29288 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.197` | - |
| CVE-2023-29287 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.080` | - |
| CVE-2023-22248 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:23.877` | - |
| CVE-2023-22251 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:24.210` | - |
| CVE-2023-22250 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:24.110` | - |
| CVE-2023-22249 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:24.003` | - |
| CVE-2023-22247 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:23.737` | - |
| CVE-2022-42344 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:24:47.620` | - |
| CVE-2022-35698 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:11:30.073` | - |
| CVE-2022-35689 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:11:28.990` | - |
| CVE-2022-35692 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:11:29.357` | - |
| CVE-2022-34259 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:10.063` | - |
| CVE-2022-34258 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.953` | - |
| CVE-2022-34257 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.827` | - |
| CVE-2022-34256 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.690` | - |
| CVE-2022-34255 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.567` | - |
| CVE-2022-34254 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.437` | - |
| CVE-2022-34253 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.320` | - |
| CVE-2022-24086 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-10-23T14:51:16.013` | - |
| CVE-2021-39864 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:20:25.057` | - |
| CVE-2021-36035 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:12:59.820` | - |
| APSB26-05  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-86  Securityupdates availablefor Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-22  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-41  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-61  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-88 : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-38  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-42  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-30  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-26  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Back to top | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-73  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-17  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-18  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-50  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-35  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-71  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-12  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-08  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-40  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-90 : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-08  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-94  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-48 : Security updates available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-02  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-59  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-13  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-64  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-50 : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-03  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-47  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
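Review bot: The `APSB` bulletin rows are stored with `unknown` severity and an empty update time, while the CVE rows above them carry both, so the two sources are not normalized to one schema. Several bulletin titles are also damaged by extraction (`Securityupdates availablefor Magento`, doubled spaces before the colon in `APSB26-05  :`), and `Back to top` is page chrome, not a bulletin. Suggest cleaning titles at ingestion and rejecting rows whose title carries no `APSB` or `CVE` identifier. If a bulletin covers CVEs that are already listed, link the two instead of counting both as independent cases.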

View file

@@ -5,14 +5,14 @@
- 系统 ID: `magento-open-source`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `89`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `89`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
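Review bot: `总案例数` is set to `89`, but the table this count describes includes repository and site chrome recorded as cases: `Wiki`, `Policy`, `Sign up`, `magento2`, `magento`, and `Pull requests` followed by `804` on its own line. The next hunk header, `@@ -32,4 +32,95 @@`, allows at most 4 of its 95 new-side lines to be context, so it adds at least 91 lines for 89 cases, which is consistent with titles that contain a raw newline and split one table row across two lines. Collapse whitespace in titles and filter non-advisory link text before rendering, then recompute `总案例数` and `待人工/缺浏览器证据` from the filtered set. The blog-derived rows need the same treatment: title, date, teaser and tags are concatenated into one cell, some teasers end in a truncated entity (`&q...`), and one quotes a raw access-log line including an IP address.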
@@ -32,4 +32,95 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2019-7885 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.997` | - |
| CVE-2019-7882 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.893` | - |
| CVE-2019-7881 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.783` | - |
| CVE-2019-7880 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.670` | - |
| CVE-2019-7877 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.560` | - |
| CVE-2019-7876 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.450` | - |
| CVE-2019-7875 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.337` | - |
| CVE-2019-7874 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.227` | - |
| CVE-2019-7873 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.113` | - |
| CVE-2019-7872 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.003` | - |
| CVE-2019-7871 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.883` | - |
| CVE-2019-7869 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.650` | - |
| CVE-2019-7868 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.527` | - |
| CVE-2019-7867 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.407` | - |
| CVE-2019-7866 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.287` | - |
| CVE-2019-7865 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.163` | - |
| CVE-2019-7864 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.043` | - |
| CVE-2019-7863 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.933` | - |
| CVE-2019-7862 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.820` | - |
| CVE-2019-7861 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.697` | - |
| CVE-2019-7860 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.580` | - |
| CVE-2019-7859 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.463` | - |
| CVE-2019-7858 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.343` | - |
| CVE-2019-7857 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.230` | - |
| CVE-2019-7855 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.113` | - |
| CVE-2019-7854 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.000` | - |
| CVE-2019-7853 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.883` | - |
| CVE-2019-7852 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.770` | - |
| CVE-2019-7851 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.660` | - |
| CVE-2019-7849 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.440` | - |
| CVE-2019-7139 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:47:38.667` | - |
| CVE-2018-5301 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:08:32.663` | - |
| CVE-2016-10704 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2015-8707 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2014-9758 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2017-13761 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-6485 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-4010 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-2212 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2012-3243 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-3458 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-3457 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-1399 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-1398 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-1397 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-2068 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-2067 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-8770 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2011-5240 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2009-0541 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| Surge in Magento 2 template attacks 2022-09-22 The critical template vulnerability in Magento 2 (CVE-2022-24086) is gaining popularity among eCommerce cyber criminals. The majority of recent Sansec forensic cases concern this attack method. In this article we share our findings of 3 template hacks, and hope it will help you if you are confron... skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| MagentoCore group hacks 7,339 stores and counting 2018-08-30 A single group is responsible for planting skimmers on 7339 individual stores in the last 6 months. The MagentoCore skimmer is now the most successful to date. Update 2018-09-07: Because Google Chrome has added the campaign to its blocklist last Saturday, the skimmers are now rapidly replacing &q... skimming MagentoCore skimmer | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Competing digital skimmers sabotage each other 2018-11-20 Skimmers found to subtly sabotage each others fraud operations. Competition is grim in the online skimming business (aka "MageCart"). The aggressive MagentoCore skimmer was previously observed to kick contending parasites from its victim hosts. But this week, we discovered that the bat... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Case Study: How eCommerce Hackers Silently Steal Credit Card Data 2021-05-03 The majority of online stores have never been hacked and, as a result, take a somewhat lax approach to cybersecurity. However, no less than 20% of all online stores get hacked every year, which means it might only be a matter of time until yours becomes the next victim. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento wish list exploit bypasses WAF protection 2023-12-18 Found your Magento 2 store hacked recently? Chances are, that attackers injected a malicious wish list. Just before Christmas? Oh the irony. skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento Security Release APSB25-08 [Impact Analysis] 2025-02-12 Critical (CVSS 9.4) release enables attackers to take control of customer accounts. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Bad extensions now main source of Magento hacks: a solution! 2019-01-29 In October last year I discovered several Magento extension 0days. As it turns out, this was only the tip of the iceberg: today, insecure 3rd party extensions are used to hack into thousands of stores. A group of Magento professionals have identified 63 vulnerable extensions, and are now releasin... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento and the Log4j vulnerability 2021-12-13 Updated Dec 20th. This article describes how Magento is affected by the critical log4j vulnerability, and what you can (and should) do to prevent a hack. A critical vulnerability in the popular Log4j Java library has been massively exploited since December 1st. It exposes full control to a remote... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Persistent Magento backdoor hidden in XML 2024-04-04 Does your Interceptor.php keep getting infected? Attackers are using a new method for malware persistence on Magento servers. Sansec discovered a cleverly crafted layout template in the database, which was used to automatically inject malware. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Persistent parasite in EOL Magento 2 2020-12-02 Over the last months, hackers have quietly added a subtle security flaw to over 50 large online stores, only to exploit them right before Black Friday, Sansec research shows. The flaw's presence would ensure future access for the attackers, even if their primary operation was blown. Sansec has be... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Magento security extentions vendor got hacked 2019-10-07 The store of a US Magento extension vendor was found compromised. Attackers had write access to the server selling extensions. We are awaiting a statement on the integrity of downloaded software. Our malware crawlers detected a compromise of Extendware, a vendor of Magento extensions such as &quo... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento PolyShell: unrestricted file upload in Magento and Adobe Commerce 2026-03-17 A new vulnerability in the Magento and Adobe Commerce REST API allows attackers to upload executable files to any store. Adobe fixed the issue in a pre-release version but has not backported the patch. Many stores run web server configurations that enable either remote code execution (RCE) or acc... skimming magento adobe-commerce rce +3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| magento2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vendors defeat Magento security patch (+ simple check) 2023-01-17 Magento and Adobe Commerce stores around the world have been hammered with Trojan Order attacks this winter. And even if you have patched or installed Adobe’s 2.4.4 release, you may still be vulnerable. Sansec discovered that several vendors and agencies are actively bypassing this security fix, ... skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Warning: fake Magento patch 9789 contains virus 2017-04-21 Update May 21st: a similar phishing mail circulates about a fake patch SUPEE-1798. Update Apr 22nd: added reference to Neutrino Bot and POS systems This week a mail was sent out to announce the new Magento patch SUPEE-9789. It is fake and it contains malware. There is no patch 9789. The message... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| An OpenCart/Magento hacking dashboard 2017-04-07 This post shows how sophisticated Magento hacking operations have become nowadays. While investigating a bruteforced Magento store, we noticed that the hacker logged in using a curious referrer site: "GET /rss/catalog/notifystock/ HTTP/1.1" 200 5676 "http://194.87.232.147:777/"... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Pull requests
804 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SessionReaper attacks have started, 3 in 5 stores still vulnerable 2025-10-22 Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. Sansec Shield blocked dozens of attacks today. With only 38% of stores patched and exploit details now public, mass abuse will follow in the coming hours. skimming CVE-2025-54236 magento adobe-commerce +6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Claude finds 353 zero-days on Packagist 2026-01-22 We built an AI-powered security pipeline to audit popular ecommerce extensions on Packagist. The vulnerabilities we found range from password leaks to full remote code execution. skimming magento adobe-commerce supply-chain +1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CosmicSting attack threatens 75% of Adobe Commerce stores 2024-06-18 One week after the release of a critical security fix, just a quarter of all Adobe Commerce and Magento stores has been patched. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236) 2025-09-08 SessionReaper (CVE-2025-54236) is a critical bug in Magento & Adobe Commerce. The bug may hand full control of a store to unauthenticated attackers. Automated attacks have hit over 50% of all stores globally. Merchants should act immediately. skimming CVE-2025-54236 magento adobe-commerce +5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| CosmicSting attack & defense overview 2024-09-16 CosmicSting (aka CVE-2024-34102) is the worst bug to hit Magento and Adobe Commerce stores in two years. Sansec observes that stores are getting hacked at a rate of 5 to 30 per hour. Merchants need to implement these counter measures as soon as possible. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns 2024-10-01 Cybercriminals have hacked 5% of all Adobe Commerce and Magento stores this summer. Among the victims are large international brands. Seven distinct groups are using CosmicSting attacks to plant malicious code on victim stores. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Adobe patches critical Magento admin takeover via menu injection 2025-06-12 A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Fake Klaviyo accounts added to Magento 2022-12-21 Are your Magento admin accounts legitimate? Chances are, that a klaviyo_support_XXXX account was added this week. Best to quickly remove it and read this article. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Do these two things to keep your Magento 1 store running after June 2020-05-28 Over a 100 thousands Magento 1 stores will be running after Adobe terminates support in June (end-of-life). Many merchants need more time to transition to Magento 2 or another platform. No need to panic, your store will not suddenly crash on July 1st. But you should make two important arrangement... skimming magento 1 deadline | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Extortion of Magento merchants 2022-11-07 Sansec has received reports of criminals trying to extort Magento merchants with the message below. As long as the sender does not produce evidence, they almost certainly did not steal your sensitive data. Ignoring them is best. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Critical Magento 2 flaw exploited within 16 hours 2019-05-10 The number of hacked Magento 2 stores spiked in the last four weeks, after a critical security flaw was discovered in March and criminals stole admin passwords within 16 hours. Merchants are advised to implement emergency measures, even if they had already patched. Update June 12th: While there w... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| A Magento breach analysis: part 1 2017-04-12 Part of a series where Magento security professionals share their case notes, so that we can ultimately distill a set of best practices, tools and workflow. Part of the job of running the MageReport service is that I get to investigate tons of hacked stores. About 50-200 new stores get hacked pe... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Cardbleed: 3% of Magento install base hacked 2020-09-14 Update Sept 18: Cardbleed has infected 2806 Magento1 stores so far (3% of total install base) Over the weekend, almost two thousand Magento 1 stores across the world have been hacked in the largest documented campaign to date. It was a typical Magecart attack: injected malicious code would inter... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Issues
1.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Adobe Commerce merchants to be hit with TrojanOrders this season 2022-11-15 At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November. skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
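
Review bot: the rows added here mix GitHub page chrome (`Policy`, `Sign up`, `Notifications`, `Projects`, `magento2`, `Issues 1.2k`, `Pull requests 804`, `Security 0`) with real Sansec posts, so the case list counts navigation labels as cases. Filter the `official` source down to advisory entries before rendering. In the Sansec rows the 标题 cell holds the whole teaser (headline, date, a summary cut off at `...`, the tag list, and in one row a truncated HTML entity `&quo...`) while 更新时间 is empty. Put only the headline in 标题, move the date that is already in the text (for example `2026-03-17`) into 更新时间, and drop the summary. Cells that contain a newline (`Issues` / `1.2k`) also break the Markdown table row, so collapse whitespace in titles.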

View file

@@ -5,14 +5,14 @@
- 系统 ID: `medusa`
- 分类: `ecommerce`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `15`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `15`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
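
Review bot: 总案例数 and 待人工/缺浏览器证据 both move from `0` to `15`, but 近 30 天新增/更新 stays `0` in the same render, so the header reports 15 newly added cases and none of them as recent. If that counter is derived from 更新时间, it will never move for rows written with an empty timestamp. Fall back to first-seen time for rows without one, or render `n/a` instead of `0`.
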
@@ -31,4 +31,22 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
69 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| medusajs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
63 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| medusa | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
32.4k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
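
Review bot: none of the 15 rows added to this table is an advisory; every 标题 is a GitHub navigation label or counter (`Sign in`, `Skip to content`, `Star 32.4k`, `Report a vulnerability`, `Security 0`). The scraper appears to collect all link text from the repository page rather than advisory entries, and the `Security 0` counter suggests the source listed no advisories at scrape time. Restrict extraction to the advisory list items and keep the `No advisories yet` row when that list is empty, so 总案例数 stays `0` for this system.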

View file

@@ -5,14 +5,14 @@
- 系统 ID: `opencart`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `100`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `100`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
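
Review bot: 已实证(synthetic) stays `0` while this commit sets 总案例数 to `100` and every row added to the case table in this file records 实证方式 as `synthetic`. A reader cannot tell whether `synthetic` is the planned method or a result. Leave 实证方式 as `n/a` until a case has actually been verified, or state in the header that the column is the intended method.
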
@@ -26,9 +26,113 @@
- `official` [OpenCart Releases](https://github.com/opencart/opencart/releases) (mode=core)
- `official` [NVD OpenCart](https://nvd.nist.gov/vuln/search) (keyword=OpenCart; mode=core)
- `ecosystem-authority` [OSV OpenCart](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2025-1749 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:49:23.300` | - |
| CVE-2025-1748 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:47:43.517` | - |
| CVE-2025-1747 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:47:20.830` | - |
| CVE-2025-1746 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:47:12.877` | - |
| CVE-2025-1117 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-08T13:15:07.843` | - |
| CVE-2025-1116 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-08T12:15:39.660` | - |
| CVE-2025-0974 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-03T02:15:26.433` | - |
| CVE-2025-0841 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-29T21:15:20.973` | - |
| CVE-2025-0580 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-20T03:15:08.540` | - |
| CVE-2025-0579 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-20T03:15:08.353` | - |
| CVE-2025-0460 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T16:15:34.800` | - |
| CVE-2025-22335 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-07T16:15:42.703` | - |
| CVE-2025-0214 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-04T17:15:07.507` | - |
| CVE-2024-36694 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-22T15:36:02.527` | - |
| CVE-2024-51835 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-19T21:56:45.533` | - |
| CVE-2024-21519 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:54:36.377` | - |
| CVE-2024-21518 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:54:36.223` | - |
| CVE-2024-21517 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T17:15:16.380` | - |
| CVE-2024-21516 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T17:15:15.903` | - |
| CVE-2024-21515 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T17:15:15.357` | - |
| CVE-2024-21514 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:54:35.600` | - |
| CVE-2023-47444 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:30:17.177` | - |
| CVE-2023-2315 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:58:22.310` | - |
| CVE-2023-40834 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:20:11.673` | - |
| CVE-2020-20491 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-12-10T20:15:07.187` | - |
| CVE-2021-37823 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-05T14:15:21.957` | - |
| CVE-2022-41403 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-15T19:15:54.980` | - |
| CVE-2013-1891 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:50:35.890` | - |
| CVE-2022-24108 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:49:49.213` | - |
| CVE-2020-29471 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:24:03.283` | - |
| CVE-2020-29470 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:24:03.120` | - |
| CVE-2020-28838 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:23:10.513` | - |
| CVE-2020-15478 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:05:35.830` | - |
| CVE-2020-13980 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:17.100` | - |
| CVE-2020-10596 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:55:40.073` | - |
| CVE-2019-15081 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:28:00.747` | - |
| CVE-2018-1000640 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:40:18.203` | - |
| CVE-2018-13067 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:46:20.270` | - |
| CVE-2018-11495 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:29.193` | - |
| CVE-2018-11494 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:29.020` | - |
| CVE-2018-11231 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:42:57.327` | - |
| CVE-2014-3990 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:09:17.240` | - |
| CVE-2016-10509 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2015-4671 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2011-3763 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-1610 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-0956 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2009-1621 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-1027 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-3130 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| #14937 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.0.5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| opencart | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14933 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.0.5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14961 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Latest | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14936 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14943 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15029 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15012 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14874 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14929 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15010 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14941 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14940 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14938 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14980 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| View all tags | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15011 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14879 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14875 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| /pull/14942 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
8.1k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14877 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14928 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
27 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14955 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14930 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14931 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14932 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14934 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14979 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15034 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| opencart | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14939 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14956 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| bf120c7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14935 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14916 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
112 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
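
Review bot: after the 50 CVE rows, the remaining rows are not advisories: pull request and issue references (`#14937`, `/pull/14942`), a release tag (`3.0.5.0`), a commit hash (`bf120c7`) and page chrome (`Latest`, `View all tags`, `Wiki`, `Star 8.1k`). `3.0.5.0` and `opencart` each appear twice, so there is no de-duplication key either. These look like links lifted from the releases page; resolve each reference to the change it fixes and give it a real title and severity, or drop it, and de-duplicate on source URL. The CVE rows carry only the identifier as 标题; adding the source summary would make the list usable for triage.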

View file

@@ -5,14 +5,14 @@
- 系统 ID: `openmage`
- 分类: `ecommerce`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `27`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `27`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
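
Review bot: 覆盖策略 is `rolling-24m`, yet all 27 cases counted here are written to the table with an empty 更新时间, so the 24-month window cannot be checked against any of them. Populate the advisory publication date at ingest and have the renderer exclude or flag rows that have no date.
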
@@ -26,9 +26,40 @@
- `official` [OpenMage GitHub Advisories](https://github.com/OpenMage/magento-lts/security/advisories) (mode=core)
- `official` [NVD OpenMage](https://nvd.nist.gov/vuln/search) (keyword=OpenMage; mode=core)
- `ecosystem-authority` [OSV OpenMage](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Star
914 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenMage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in theme config fields | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Fix for authenticated remote code execution through layout update | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in WYSIWYG Editor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
66 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DataFlow upload remote code execution vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in admin file form | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
178 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DoS vulnerability in MaliciousCode filter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS in Admin Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| magento-lts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in admin system configs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Guest order "protect code" can be brute-forced too easily | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| X-Original-Url header can expose admin url | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
22 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
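
Review bot: the `Next` row is the pagination link of the advisories listing, which indicates that only the first page was scraped: the table has 10 advisory titles, while the `Security 22` counter captured in the same hunk points to more. Follow pagination (or query the advisories API instead of scraping the page) and drop the chrome rows (`Star 914`, `Sign up`, `Skip to content`, the bare `3`). 严重度 is `unknown` for every advisory row; carry the severity over from the source advisory where it publishes one.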

View file

@@ -5,14 +5,14 @@
- 系统 ID: `prestashop`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `112`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `112`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -27,10 +27,133 @@
- `official` [PrestaShop Security Page](https://build.prestashop-project.org/news/) (mode=core)
- `official` [GitHub PrestaShop Advisories](https://github.com/PrestaShop/PrestaShop/security/advisories) (mode=core)
- `official` [NVD PrestaShop](https://nvd.nist.gov/vuln/search) (keyword=PrestaShop; mode=core)
- `ecosystem-authority` [OSV PrestaShop](https://osv.dev/) (mode=core)
- `ecosystem-authority` [Friends Of Presta Security](https://security.friendsofpresta.org/) (mode=module)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2020-5294 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:51.140` | - |
| CVE-2020-5273 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:48.777` | - |
| CVE-2020-5266 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:47.980` | - |
| CVE-2020-5277 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:49.217` | - |
| CVE-2020-5250 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:45.950` | - |
| CVE-2013-6295 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:58:57.763` | - |
| CVE-2013-4792 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:56:25.330` | - |
| CVE-2013-4791 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:56:25.180` | - |
| CVE-2012-2517 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:39:10.433` | - |
| CVE-2013-6358 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:59:04.000` | - |
| CVE-2020-6632 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:36:04.413` | - |
| CVE-2019-19595 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:35:01.013` | - |
| CVE-2019-19594 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:35:00.853` | - |
| CVE-2019-15565 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:29:01.730` | - |
| CVE-2019-13461 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:24:56.967` | - |
| CVE-2019-11876 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:21:56.310` | - |
| CVE-2018-20717 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:01.370` | - |
| CVE-2018-19355 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:47.527` | - |
| CVE-2018-19126 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:22.610` | - |
| CVE-2018-19125 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:22.450` | - |
| CVE-2018-19124 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:22.300` | - |
| CVE-2018-13784 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:47:58.403` | - |
| CVE-2018-8824 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:23.640` | - |
| CVE-2018-10942 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:42:21.540` | - |
| CVE-2018-8823 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:23.493` | - |
| CVE-2018-7491 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:12:14.077` | - |
| CVE-2018-5682 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:09:09.393` | - |
| CVE-2018-5681 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:09:09.263` | - |
| CVE-2015-1175 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-2009 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-2008 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2012-6641 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2012-5801 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-5800 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-5799 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-4545 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-4544 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-3796 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2008-6503 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5791 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub
Discussions (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-6648] Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| → Discover the PrestaShop example modules repository A hands-on library of working code examples to help you understand how PrestaShop module development really works. | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Support (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Latest Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS can be stored in DB from "add a message form" in order detail page (FO) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → PrestaShop Core Monthly - January 2026 9.1 Beta opens for feedback, Developer Conference videos go live, and big features take shape | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2025-51586] User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| → PrestaShop 8.2.4 is available Security improvements for branch 8.2.x | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → Hummingbird v2: Architecture, Best Practices, and Contribution Guide A developer-oriented foundation for modern and scalable PrestaShop themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| its members and contributors | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2025-61922] Customer account takeover via email in PrestaShop Checkout module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Contributor's Guide | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Path disclosure in JavaScript variable | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SQL injection possible in search product in BO | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → Join us at the inaugural Ecommerce Open Source Summit (EO2S) in Paris Organized by Friends of Presta, EO2S brings together the open source ecommerce community on March 26, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join Slack
Community
(external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| path traversal: file deletion | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → PrestaShop Core Monthly - February 2026 New releases, Hummingbird v2, B2B foundations, and a one-page checkout on the horizon | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Core Monthly | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
2.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer
Documentation (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → Cleaning up old branches: a routine maintenance for a healthier repository We are removing old branches from our repository | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download
sources (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Some attribute not escaped in Validate::isCleanHTML method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
305 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Top Contributors
(external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contact us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Start Developing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-36682] Exposure of Private Personal Information to an Unauthorized Actor in Promokit.eu - Theme settings module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| [CVE-2025-69633] Improper neutralization of SQL parameters in Advanced Popup Creator module from Idnovate for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| → PrestaShop 9.1 RC1 is open for testing! The first Release Candidate of PrestaShop 9.1 is here. Help us validate it before the final release. | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Time based enumeration in FO login form | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Live Updates | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-34989] Improper neutralization of SQL parameter in RSI PDF/HTML catalog evolution (prestapdf) module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| New possible XSS injection through Validate::isCleanHTML method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Top Translators (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2023-45256] Improper neutralization of SQL parameters in Monetico Paiement module from EuroInformation for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Anonymous customer can download other customers's invoices | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop 8.x | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop 9.x | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → AI-Powered API Hackathon: 14+ Endpoints in a Single Day How PrestaShop teams used Claude Code to accelerate Admin API contributions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-36683] Improper neutralization of SQL parameter in Smart Modules - Products Alert module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Email enumeration | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How-to Guides | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-41670] Improperly Implemented Security Check for Standard in PayPal Official for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| → PrestaShop Developer Conference 2025 Filmed Sessions - Community and Security Friends of Presta, Cybersecurity and Ecommerce Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
9k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| YouTube
Channel (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Development Tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
53 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Useful Tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS via customer contact form in FO, through file upload | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
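
Review bot: Many rows added to this table are not advisories: site navigation and repository chrome (`Sign in`, `Skip to content`, `Insights`, `Next`, bare counters such as `6`, `4`, `5`) and blog teasers beginning with `→` (for example `→ PrestaShop 8.2.4 is available ...`) are recorded as cases with source confidence `official`. Several titles also contain raw newlines (`Join Slack` / `Community` / `(external link)`, `Issues` / `2.3k`), which splits one table row across lines and breaks the Markdown table. Suggest the collector keep only links that resolve to an advisory page, collapse whitespace in titles, and drop duplicates (`PrestaShop` appears twice).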


@@ -5,14 +5,14 @@
- 系统 ID: `saleor`
- 分类: `ecommerce`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `24`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `24`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
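
Review bot: `总案例数` goes from `0` to `24` and `待人工/缺浏览器证据` from `0` to `24`, but `近 30 天新增/更新` stays `0` in the same render. If that counter is derived from the `更新时间` column, it cannot see these cases, because every row added for this system has an empty update time; either populate the timestamp at ingest or count by ingest time so the summary does not read as no recent activity.
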
@@ -26,9 +26,37 @@
- `official` [GitHub Saleor Advisories](https://github.com/saleor/saleor/security/advisories) (mode=core)
- `official` [NVD Saleor](https://nvd.nist.gov/vuln/search) (keyword=Saleor; mode=core)
- `ecosystem-authority` [OSV Saleor](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| saleor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthenticated Information Disclosure Vulnerability via Python Exceptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Non-constant time HMAC comparison in Adyen plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS via Unrestricted File Uploads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insecure Direct Object Reference (IDOR) in GraphQL API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
22.7k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| saleor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper object type validation in mutations leading to unauthorized access | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
185 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CSRF bypass in refreshToken mutation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
67 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User enumeration vulnerability in Saleor due to different error messages | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Lack of proper HTML sanitization in rich text fields | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
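
Review bot: Only ten of the 24 rows added here read as advisory titles; the other 14 are GitHub page chrome (`Skip to content`, `Sign up`, `Sign in`, `Actions`, `Report a vulnerability`, `Policy`, counters such as `Star` / `22.7k`) plus two `saleor` rows, so the `总案例数: 24` in the header overstates the backlog by more than half. The scraped `Security` / `10` counter matches the ten real titles and could serve as a sanity check at ingest. Every row also lands with severity `unknown`; pull the severity from the advisory itself before queueing it for triage.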


@@ -5,14 +5,14 @@
- 系统 ID: `shopware`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `71`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `71`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -26,9 +26,84 @@
- `official` [Shopware Security Advisories](https://github.com/shopware/shopware/security/advisories) (mode=core)
- `official` [NVD Shopware](https://nvd.nist.gov/vuln/search) (keyword=Shopware; mode=core)
- `ecosystem-authority` [OSV Shopware](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2023-22730 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:45:18.660` | - |
| CVE-2022-36102 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:12:23.590` | - |
| CVE-2022-36101 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:12:23.440` | - |
| CVE-2022-31148 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:03:59.930` | - |
| CVE-2022-31057 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:03:48.270` | - |
| CVE-2022-24892 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:20.243` | - |
| CVE-2022-24879 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:18.403` | - |
| CVE-2022-24873 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:17.737` | - |
| CVE-2022-24872 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:17.607` | - |
| CVE-2022-24871 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:17.483` | - |
| CVE-2022-24956 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:27.467` | - |
| CVE-2022-24748 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.577` | - |
| CVE-2022-24747 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.453` | - |
| CVE-2022-24746 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.337` | - |
| CVE-2022-24745 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.213` | - |
| CVE-2022-24744 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.097` | - |
| CVE-2022-21652 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:45:09.557` | - |
| CVE-2022-21651 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:45:09.420` | - |
| CVE-2021-41188 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:25:43.210` | - |
| CVE-2021-37710 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.890` | - |
| CVE-2021-37709 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.713` | - |
| CVE-2021-37708 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.560` | - |
| CVE-2021-37707 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.410` | - |
| CVE-2021-32717 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:35.447` | - |
| CVE-2021-32716 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:35.340` | - |
| CVE-2021-32713 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:35.013` | - |
| CVE-2021-32712 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.910` | - |
| CVE-2021-32711 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.803` | - |
| CVE-2021-32710 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.690` | - |
| CVE-2021-32709 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.577` | - |
| CVE-2020-28199 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:22:27.980` | - |
| CVE-2020-13997 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:18.893` | - |
| CVE-2020-13971 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:16.100` | - |
| CVE-2020-13970 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:15.970` | - |
| CVE-2019-12935 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:23:51.287` | - |
| CVE-2019-12799 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:23:36.247` | - |
| CVE-2018-20713 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:00.820` | - |
| CVE-2017-18357 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:19:55.227` | - |
| CVE-2017-15374 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-3109 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
186 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
1.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `/api/_info/config` route exposes information about licenses | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Reflected XSS in Storefront Login Page | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `/api/_info/config` route exposes information about active security fixes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
3.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper Control of Generation of Code in Twig rendered views | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User enumeration via distinct error codes on Store API login endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthenticated data extraction possible through store-api.order endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Reflective Cross Site-Scripting (XSS) in CMS components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
68 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Password recovery link does not expire after email change | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Path traversal via Plugin upload | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Potential take over of app credentials | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
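
Review bot: The CVE rows carry `更新时间` values that cluster on `2024-11-21`, and two rows (`CVE-2017-15374`, `CVE-2016-3109`) share `2025-04-20T01:37:25.860` to the millisecond, which looks like a feed-wide modification stamp rather than a per-advisory date; the values also have no timezone offset while the header's render time uses `+00:00`. Anything that sorts or windows on this column will reflect feed re-touches, so consider storing the publication date separately and normalising to UTC with an explicit offset. Separately, the CVE rows are keyed by id with no description and the GitHub-sourced rows by title with no id, so the same issue arriving from both sources cannot be deduplicated, and bare counters (`7`, `3`, `6`, `4`, `5`) should not be cases at all.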


@@ -5,14 +5,14 @@
- 系统 ID: `woocommerce`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `111`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `111`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -27,6 +27,7 @@
- `official` [Woo Developer Advisories](https://developer.woocommerce.com/) (mode=core)
- `official` [GitHub WooCommerce Advisories](https://github.com/woocommerce/woocommerce/security/advisories) (mode=core)
- `official` [NVD WooCommerce](https://nvd.nist.gov/vuln/search) (keyword=WooCommerce; mode=core)
- `ecosystem-authority` [OSV WooCommerce](https://osv.dev/) (mode=core)
- `ecosystem-authority` [Patchstack Database](https://patchstack.com/database/) (mode=extension)
- `ecosystem-authority` [Wordfence Vulnerability Database](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/) (mode=extension)
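
Review bot: The `OSV WooCommerce` entry points at the bare `https://osv.dev/` with no ecosystem or package filter recorded, whereas the NVD entry next to it records `keyword=WooCommerce`. Record the query the collector actually uses for OSV so a run can be reproduced and its scope audited.
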
@@ -34,4 +35,118 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2019-18834 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:33:40.530` | - |
| CVE-2019-20891 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:39:37.827` | - |
| CVE-2020-11727 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:58:29.603` | - |
| CVE-2020-8819 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:39:30.133` | - |
| CVE-2014-4558 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:10:26.603` | - |
| CVE-2019-18668 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:33:29.677` | - |
| CVE-2019-14979 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:48.810` | - |
| CVE-2019-14978 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:48.663` | - |
| CVE-2017-18592 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:20:28.627` | - |
| CVE-2016-10935 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:45:06.817` | - |
| CVE-2019-15092 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:28:02.440` | - |
| CVE-2016-10923 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:45:05.073` | - |
| CVE-2016-10922 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:45:04.920` | - |
| CVE-2018-20966 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:35.007` | - |
| CVE-2019-14948 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:44.950` | - |
| CVE-2017-18506 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:20:16.597` | - |
| CVE-2019-14796 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:22.400` | - |
| CVE-2019-14774 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:19.310` | - |
| CVE-2019-1010124 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:17:58.953` | - |
| CVE-2019-5979 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:45:50.723` | - |
| CVE-2019-11807 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:21:48.027` | - |
| CVE-2019-7441 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:14.587` | - |
| CVE-2019-9168 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:51:07.733` | - |
| CVE-2018-20782 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:09.783` | - |
| CVE-2018-20714 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:00.963` | - |
| CVE-2017-18356 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:19:55.073` | - |
| CVE-2018-11525 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:32.763` | - |
| CVE-2018-11486 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:27.857` | - |
| CVE-2018-11485 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:27.710` | - |
| CVE-2018-11579 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:39.363` | - |
| CVE-2018-8711 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:10.983` | - |
| CVE-2018-8710 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:10.840` | - |
| CVE-2015-2329 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:27:13.723` | - |
| CVE-2018-5316 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:08:34.753` | - |
| CVE-2017-17058 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-10112 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-5065 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-2069 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-6313 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-4549 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| woocommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Second parameter of woocommerce_get_breadcrumb may be null for Core Breadcrumbs block in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HPOS sync on read to be disabled by default in WooCommerce 10.7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join the Community Slack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Booster for WooCommerce < 7.11.3 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WooCommerce 10.6.1: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Call for Testing: WooCommerce Order Fulfillments | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join us for our “Building Ecommerce Community” Live Event | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
369 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all Release Posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.6: What’s coming for developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| AI & Agentic Commerce in WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contribute to WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How AI and Automation are Improving the Woo Release Process | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Blind SQL Injection possible via Authenticated Web-hook Search API Endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.4.3: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Become a Woo agency partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5: What’s coming for developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce Meetups | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Product images are now lazy-loaded by default in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WowStore <= 4.4.3 WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Release Calendar | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improving WooCommerce Performance at Scale | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5 Release is Delayed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
10.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all Roadmap Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contact Us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.6: Enhanced blocks and a faster dashboard | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
2.6k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| What we’re doing to get the Woo Block Theme ready for you | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get started | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Call for testing: Experimental REST API Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Experimental Product Object Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Become a Marketplace partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Restricting per_page for Product and ProductReview Store API Requests in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March Office Hours: Testing, testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5.3: Dot release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| woocommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Do not sell or share my personal information | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Mailchimp API Maintenance on February 28, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Community Forum | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS Vulnerability in WooCommerce checkout & registration forms | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5.1: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Call for Testing: WooCommerce MCP Beta | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5: Improving analytics and admin performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Store API Vulnerability Patched in WooCommerce 5.4+ – What You Need To Know | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Release Posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Status | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all Developer Advisories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5.2: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Understanding the Interactivity API-driven future for WooCommerce Blocks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WooCommerce Block Theme: An update on our strategy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join the Woo community on Slack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Release downloads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
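
Review bot: Most rows added to this table are site navigation rather than advisories: `Sign in`, `Wiki`, `Discussions`, `About`, `Status`, `Do not sell or share my personal information` and `See all posts` are all filed as `triage` cases with `official` confidence. The `Security` / `2` row also carries a raw newline inside the title cell, which splits the row across two lines and breaks the Markdown table. Suggest filtering scraped link text before a case is created, and collapsing whitespace in titles before the row is rendered.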


@@ -5,14 +5,14 @@
- 系统 ID: `angular`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `2`
- 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `2`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Angular vulnerable to XSS in i18n attribute bindings | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T01:31:35.828211Z` | [link](/Users/x/websafe/07-framework-security/frameworks/angular/cases/angular-cve-2026-32635.md) |
| Angular i18n vulnerable to Cross-Site Scripting | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-28T06:24:33.665085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/angular/cases/angular-cve-2026-27970.md) |
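
Review bot: The case-page links in the two added rows are absolute paths on the author's machine (`/Users/x/websafe/07-framework-security/frameworks/angular/cases/...`), so they will not resolve for anyone else browsing the repository, and they publish the local directory layout. Emit them relative to the index file instead, for example `cases/angular-cve-2026-32635.md` if the index sits in the `angular/` directory. The same link pattern appears in the other framework tables in this commit.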


@@ -5,14 +5,14 @@
- 系统 ID: `aspnet-core`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 总案例数: `3`
- 近 30 天新增/更新: `3`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -30,4 +30,6 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2026-26130 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-03-11T13:53:20.707` | - |
| CVE-2020-1045 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-02-23T18:23:07.950` | - |
| CVE-2020-1597 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-02-23T18:25:45.733` | - |
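
Review bot: `CVE-2020-1045` and `CVE-2020-1597` are listed under the `rolling-24m` coverage policy and counted in "近 30 天新增/更新: `3`", apparently because the window is keyed on the record's last-modified time (`2026-02-23...`) rather than its publication date. If the intent is advisories published in the last 24 months, filter on the publish date; if modified time is intended, say so next to the policy. These three rows also use the bare CVE id as the title and timestamps without a timezone suffix, unlike the `...Z` values in the other tables.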


@@ -5,14 +5,14 @@
- 系统 ID: `astro`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `14`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 重点 Markdown 案例数: `14`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `14`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,17 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:27:12.689316Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-66202.md) |
| Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:33:26.119485Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-65019.md) |
| Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:01:27.986221Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64765.md) |
| Astro vulnerable to reflected XSS via the server islands feature | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-20T14:43:59.624508Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64764.md) |
| Astro Development Server has Arbitrary Local File Read | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-20T14:43:59.558170Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64757.md) |
| Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-13T22:46:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64525.md) |
| Astro development server error page is vulnerable to reflected Cross-site Scripting | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:22:31.471739Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64745.md) |
| Astro's bypass of image proxy domain validation leads to SSRF and potential XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-29T14:48:45Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-59837.md) |
| Astro's `X-Forwarded-Host` is reflected without validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-11T00:12:31.565977Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-61925.md) |
| Astro allows unauthorized third-party images in _image endpoint | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:22:36.525875Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-55303.md) |
| Astros's duplicate trailing slash feature leads to an open redirection security issue | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:35:13.558198Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-54793.md) |
| Astro's server source code is exposed to the public if sourcemaps are enabled | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:18:38.026555Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2024-56159.md) |
| Atro CSRF Middleware Bypass (security.checkOrigin) | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:18:05.038082Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2024-56140.md) |
| DOM Clobbering Gadget found in astro's client-side router that leads to XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:16:37.087731Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2024-47885.md) |


@@ -5,14 +5,14 @@
- 系统 ID: `django`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `82`
- 近 30 天新增/更新: `5`
- 重点 Markdown 案例数: `5`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `82`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -33,4 +33,85 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Django vulnerable to Uncontrolled Resource Consumption | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-06T19:44:13.458245Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2026-25673.md) |
| Django has a Race Condition vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-06T19:44:14.996605Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2026-25674.md) |
| Django has Inefficient Algorithmic Complexity | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:41:06.153879Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2025-14550.md) |
| Django has Inefficient Algorithmic Complexity | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:26:02.134436Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2026-1285.md) |
| XSS in jQuery as used in Drupal, Backdrop CMS, and other products | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T21:56:20.301637Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2019-11358.md) |
| March 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| May 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| April 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Google Summer of Code 2026 with Django | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| June 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Plan to Adopt Contributor Covenant 3 as Django’s New Code of Conduct | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Djangonaut Space - Session 6 Accepting Applications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Django Steering Council 2025 Year in Review | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| May 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| April 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DSF member of the month - Baptiste Mispelon | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 1.10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| June 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Django security releases issued: 6.0.3, 5.2.12, and 4.2.29 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| August 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| April 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| May 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| July 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| August 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DSF member of the month - Theresa Seyram Agbenyegah | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| June 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| July 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Recent trends in the work of the Django Security Team | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 1.8 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Django security releases issued: 6.0.2, 5.2.11, and 4.2.28 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DSF member of the month - Omar Abou Mrad | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 1.11 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| August 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to main content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to main content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| July 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
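
Review bot: Only the first five added rows are advisories with case pages; the other 77 are `triage` rows with an empty update time, and nearly all of them are blog archive labels (`March 2025`, `5.2`, `Next`) or page chrome, with `Skip to main content` inserted twice. They still count toward "总案例数: `82`" and "待人工/缺浏览器证据: `82`", so the summary overstates the real backlog. Suggest deduplicating on title plus source URL, and requiring an advisory identifier or a security-release title (such as `Django security releases issued: ...`) before a row is counted. Separately, `django-cve-2019-11358` is titled as a jQuery XSS advisory; check whether it belongs under `django` and inside `rolling-24m`.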


@@ -5,14 +5,14 @@
- 系统 ID: `echo`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `2`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 重点 Markdown 案例数: `2`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -30,4 +30,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Open redirect in github.com/labstack/echo/v4 | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-05-20T16:03:47Z` | [link](/Users/x/websafe/07-framework-security/frameworks/echo/cases/echo-cve-2022-40083.md) |
| Directory traversal on Windows in github.com/labstack/echo/v4 | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-05-20T16:03:47Z` | [link](/Users/x/websafe/07-framework-security/frameworks/echo/cases/echo-cve-2020-36565.md) |


@@ -5,14 +5,14 @@
- 系统 ID: `esbuild`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `1`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| esbuild enables any website to send any requests to the development server and read the response | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:50:58.022803Z` | [link](/Users/x/websafe/07-framework-security/frameworks/esbuild/cases/esbuild-ghsa-67mh-4wv8-2f99.md) |


@@ -5,14 +5,14 @@
- 系统 ID: `express`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2025-67731 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-17T19:40:55.690` | - |


@@ -5,14 +5,14 @@
- 系统 ID: `fastify`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16T03:05:26.332715Z` | [link](/Users/x/websafe/07-framework-security/frameworks/fastify/cases/fastify-cve-2026-3419.md) |


@@ -5,14 +5,14 @@
- 系统 ID: `flask`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Flask session does not add `Vary: Cookie` header when accessed in some ways | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23T23:43:45.778179Z` | [link](/Users/x/websafe/07-framework-security/frameworks/flask/cases/flask-cve-2026-27205.md) |


@@ -5,14 +5,14 @@
- 系统 ID: `gin`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -30,4 +30,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T10:41:18.820930Z` | [link](/Users/x/websafe/07-framework-security/frameworks/gin/cases/gin-cve-2020-28483.md) |


@@ -5,14 +5,14 @@
- 系统 ID: `hapi`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `1`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Denial of Service in @hapi/hapi | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2020-08-31T19:00:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/hapi/cases/hapi-ghsa-23vw-mhv5-grv5.md) |


@@ -5,14 +5,14 @@
- 系统 ID: `koa`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Koa has Host Header Injection via ctx.hostname | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-26T23:36:36.294040Z` | [link](/Users/x/websafe/07-framework-security/frameworks/koa/cases/koa-cve-2026-27959.md) |


@@ -5,14 +5,14 @@
- 系统 ID: `laravel`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `2`
- 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `2`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Laravel Framework XSS in Blade templating engine | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:01:16.767646Z` | [link](/Users/x/websafe/07-framework-security/frameworks/laravel/cases/laravel-cve-2021-43808.md) |
| Query Binding Exploitation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:34.333730Z` | [link](/Users/x/websafe/07-framework-security/frameworks/laravel/cases/laravel-cve-2021-21263.md) |


@@ -5,14 +5,14 @@
- 系统 ID: `nestjs`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 总案例数: `2`
- 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2026-2293 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-02T20:30:10.923` | - |
| CVE-2025-69211 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-02-20T16:58:36.320` | - |


@@ -5,14 +5,14 @@
- 系统 ID: `nextjs`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 总案例数: `66`
- 近 30 天新增/更新: `10`
- 重点 Markdown 案例数: `41`
- 已实证(真实版本): `26`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `40`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,73 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Next.js: HTTP request smuggling in rewrites | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-18T22:02:16.858114Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md) |
| Next.js: Unbounded next/image disk cache growth can exhaust storage | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:33.597080Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md) |
| Next.js: Unbounded postponed resume buffering can lead to DoS | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:34.160932Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md) |
| Next.js: null origin can bypass Server Actions CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:43.484729Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md) |
| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:26.028580Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |
| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) |
| Next Server Actions Source Code Exposure | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) |
| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) |
| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) |
| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) |
| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) |
| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) |
| Next.JS vulnerability can lead to DoS via cache poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) |
| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) |
| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `verified-real` | `real` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `verified-real` | `real` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
| Authorization Bypass in Next.js Middleware | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
| Next.js authorization bypass vulnerability | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
| Denial of Service condition in Next.js image optimization | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
| Next.js Cache Poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
| Next.js Denial of Service (DoS) condition | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-11-06T14:30:33Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-39693.md) |
| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
| Next.js Vulnerable to HTTP Request Smuggling | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-07-09T18:28:18Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34350.md) |
| Next.js missing cache-control header may lead to CDN caching empty reply | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:13:42.231979Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2023-46298.md) |
| Unexpected server crash in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:58.785797Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2022-36046.md) |
| Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:08:26.298810Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2022-23646.md) |
| Denial of Service Vulnerability in next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:08:09.355091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2022-21721.md) |
| Unexpected server crash in Next.js. | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
| XSS in Image Optimization API for Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
| Open Redirect in Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
| Open Redirect in Next.js versions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
| Remote Code Execution in next | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2022-04-28T19:57:43Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5vj8-3v2h-h38v.md) |
| Directory Traversal in Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |
| Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:00:05.061101Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2018-18282.md) |
| Directory traversal vulnerability in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:00:21.025418Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2018-6184.md) |
| Next.js Directory Traversal Vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-22T19:49:35Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2017-16877.md) |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service in Partial Pre Rendering | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service with Server Components - Incomplete Fix Follow-Up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| next.js | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| null origin can bypass Server Actions CSRF checks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
36 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Server Actions Source Code Exposure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
138k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service with Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service in Image Optimizer | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unbounded next/image disk cache growth can exhaust storage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| null origin can bypass dev HMR websocket CSRF checks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HTTP request smuggling in rewrites | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
1.4k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unbounded postponed resume buffering can lead to DoS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
2.1k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
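
Review bot: the `triage` rows at the end of this table are GitHub page chrome, not advisories: `Actions`, `Next`, `Sign in`, `Discussions`, `next.js`, `Skip to content`, `Sign up`, `Policy`, `Insights`, the bare numbers `4` and `3`, and the counters `Security 36`, `Star 138k`, `Pull requests 1.4k` and `Issues 2.1k`, whose title cells contain a line break that splits the row and breaks the Markdown table. Filter navigation text out in the scraper before rows are written, and collapse whitespace in the title cell. The 案例页 links are also absolute local paths under `/Users/x/websafe/`, which resolve only on the author's machine; repository-relative links would survive a clone.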

View file

@@ -4,7 +4,7 @@ system_id: "nextjs"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-17T16:17:15Z"
updated_date: "2026-03-17T16:31:26.646070Z"
updated_date: "2026-03-18T22:02:16.858114Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
@@ -60,6 +60,7 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-29057
- https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/releases/tag/v15.5.13
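
Review bot: in the 其他来源 list, `https://github.com/vercel/next.js` is the bare repository URL and identifies no advisory, commit or release. The commit link and the `v15.5.13` release link beside it already point at the fix, so drop the bare URL or replace it with a specific reference.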

View file

@@ -5,14 +5,14 @@
- 系统 ID: `nodejs`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `8`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `8`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,11 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-21` | - |
| System Information Library for Node.JS Command Injection | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2022-02-01` | - |
| Tuesday, January 13, 2026 Security Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenSSL Security Advisory Assessment, January 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| New security releases to be made available Tuesday, March 24, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wednesday, May 14, 2025 Security Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tuesday, July 15, 2025 Security Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
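
Review bot: the first added row, `Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability`, is filed under system `nodejs` although its title names a different product, so the matching rule that pulled it in needs a product check. `Security Policy` is a page title rather than an advisory, and the release-announcement rows leave 更新时间 empty even though each title carries its own date, which is why the stats hunk above still reports 近 30 天新增/更新 as `0`.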

View file

@@ -5,14 +5,14 @@
- 系统 ID: `nuxt`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `28`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 重点 Markdown 案例数: `5`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `28`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,35 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-18T13:04:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2025-59414.md) |
| Nuxt allows DOS via cache poisoning with payload rendering response | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-03-20T19:31:04Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2025-27415.md) |
| Nuxt vulnerable to remote code execution via the browser when running the test locally | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-11-18T16:27:00Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2024-34344.md) |
| nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-05-15T21:26:45Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2024-34343.md) |
| nuxt Code Injection vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-11-18T16:26:30Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2023-3224.md) |
| Opening a malicious website while running a Nuxt dev server could allow read-only access to code | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS in navigateTo if used after SSR | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Remote code execution via the browser when running e2e tests locally | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Opening a malicious website while running a Nuxt dev server could allow read-only access to code | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Path Traversal: '../filedir' in Nuxt Devtools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
788 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Models | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Client-Side Path Traversal in Nuxt Island Payload Revival | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
118 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| nuxt | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| nuxt | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DOS via cache poisoning with payload rendering response | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
59.9k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
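
Review bot: several advisories are counted twice in this table, once as a `generated` row and again as a `triage` row under a shorter title (`Client-Side Path Traversal in Nuxt Island Payload Revival`, `XSS in navigateTo if used after SSR`, `DOS via cache poisoning with payload rendering response`), and `Opening a malicious website while running a Nuxt dev server could allow read-only access to code` appears twice as `triage`. Deduplicate on the advisory ID before counting: 总案例数 `28` in the previous hunk includes these duplicates plus navigation rows such as `Policy`, `Sign in`, `Models` and the multi-line `Star 59.9k` cell, which also breaks the table.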

View file

@@ -5,14 +5,14 @@
- 系统 ID: `rails`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `42`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 重点 Markdown 案例数: `10`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `42`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,45 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Rails has possible XSS Vulnerability in Action Controller | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-12-20T10:42:26.578616Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2024-26143.md) |
| Ruby on Rails vulnerable to code injection | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-03T14:58:34.698394Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2006-4111.md) |
| Rails Denial of Service vulnerability | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-03T15:46:47.783301Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2006-4112.md) |
| Moderate severity vulnerability that affects rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T15:30:21.670801Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-3227.md) |
| Moderate severity vulnerability that affects rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-05-01T18:49:06.777708Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-5379.md) |
| Session fixation vulnerability in Rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T15:30:02.622007Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-5380.md) |
| session fixation protection mechanism in cgi_process.rb in Rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T15:55:51.425352Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-6077.md) |
| rails is vulnerable to CRLF injection | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T17:02:22.936736Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2008-5189.md) |
| Moderate severity vulnerability that affects rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T20:05:53.148849Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2009-4214.md) |
| Rails vulnerable to Cross-site Scripting | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-12-08T05:43:59.579843Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2014-0081.md) |
| CVE-2013-0156 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2013-0155 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-6497 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-6496 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3465 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3464 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3463 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3424 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2695 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2694 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2661 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2660 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-1099 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-1098 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-4319 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-3187 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-3186 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2932 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2931 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2930 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2929 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2197 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0449 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0448 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0447 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0446 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-3933 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2008-7248 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-3086 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-3009 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-2422 | `critical` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-4094 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
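
Review bot: the previous hunk declares 覆盖策略 `rolling-24m`, but apart from `rails-cve-2024-26143` every row here carries a CVE ID from 2006 to 2014, so the window appears to be applied to the record's modification time rather than to the advisory's publication date. The 32 `ecosystem-authority` rows support that reading: they share just two 更新时间 values (`2025-04-11T00:51:21.963` and `2025-04-09T00:30:58.490`). They also use the bare CVE ID as the title, and three `generated` rows are titled only `Moderate severity vulnerability that affects rails`, which gives a reader nothing to triage on; pull the advisory summary into the title column.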

View file

@@ -5,14 +5,14 @@
- 系统 ID: `react`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `21`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 重点 Markdown 案例数: `3`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `21`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,28 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Cross-Site Scripting in react | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T03:57:27.158332Z` | [link](/Users/x/websafe/07-framework-security/frameworks/react/cases/react-cve-2013-7035.md) |
| Cross-Site Scripting in react | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2021-10-01T20:15:16Z` | [link](/Users/x/websafe/07-framework-security/frameworks/react/cases/react-ghsa-hg79-j56m-fxgv.md) |
| Cross-Site Scripting in react-dom | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:00:21.209483Z` | [link](/Users/x/websafe/07-framework-security/frameworks/react/cases/react-cve-2018-6341.md) |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
810 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Source Code Exposure Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Critical Security Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| react | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
371 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service Vulnerabilities in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
244k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Models | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
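
Review bot: the row `Critical Security Vulnerability in React Server Components` is stored with severity `unknown` and no 更新时间, so the one entry whose title states its severity will sort below the `low` XSS rows; populate severity from the advisory before this index is used for prioritisation. `Denial of Service Vulnerability in React Server Components` is listed twice, and the `Sign up`, `Policy`, `Sign in`, `Skip to content`, `Models`, `Actions` and multi-line counter rows are page navigation that inflates 总案例数 `21`.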

View file

@@ -5,14 +5,14 @@
- 系统 ID: `spring-boot`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `2`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-13T21:59:19.426456Z` | [link](/Users/x/websafe/07-framework-security/frameworks/spring-boot/cases/spring-boot-cve-2022-27772.md) |
| Spring Boot | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
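
Review bot: the second added row, `Spring Boot`, is a page title with no severity, date or case page, yet it is counted in 总案例数 `2` and in 待人工/缺浏览器证据 `2` in the previous hunk. Drop rows whose title equals the product name so the pending-review count reflects real advisories.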

View file

@@ -5,14 +5,14 @@
- 系统 ID: `spring-framework`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `11`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `11`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,14 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2025-41254: Spring Framework STOMP CSRF Vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41249: Spring Framework Annotation Detection Vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2026-22718: Command injection on user machine using VSCode extension for Spring CLI | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41253: Using Spring Expression Language To Expose Environment Variables and System Properties | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41243: Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Spring Framework | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
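
Review bot: most rows added under system `spring-framework` name other Spring projects in their own titles: Spring CLI (`CVE-2026-22718`), Spring AI (`CVE-2026-22730`, `CVE-2026-22729`), Spring Security (`CVE-2025-41248`), Spring Cloud Gateway (`CVE-2025-41243`) and Reactor Netty (`CVE-2025-22227`). Filter on the affected project rather than on the shared advisory listing, otherwise anyone assessing Spring Framework exposure from this table will over-count. Every row also has severity `unknown` and an empty 更新时间 despite carrying a CVE ID that could be used to fill both.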

View file

@@ -5,14 +5,14 @@
- 系统 ID: `spring-security`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `3`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,6 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Spring Security Advisories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Spring Security | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
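
Review bot: two of the three added rows, `Spring Security Advisories` and `Spring Security`, are page titles, leaving `CVE-2025-41248` as the only advisory while the previous hunk reports 总案例数 `3`. That same CVE row is also present in the `spring-framework` table, so decide which system owns it and remove it from the other.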

View file

@@ -5,14 +5,14 @@
- 系统 ID: `sveltekit`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `3`
- 近 30 天新增/更新: `3`
- 重点 Markdown 案例数: `3`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,6 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only) | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-28T06:27:26.115188Z` | [link](/Users/x/websafe/07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-fpg4-jhqr-589c.md) |
| CPU exhaustion in SvelteKit remote form deserialization (experimental only) | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:23:11.893790Z` | [link](/Users/x/websafe/07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-88qp-p4qg-rqm6.md) |
| Memory exhaustion in SvelteKit remote form deserialization (experimental only) | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:25:49.392878Z` | [link](/Users/x/websafe/07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-vrhm-gvg7-fpcf.md) |

View file

@@ -5,14 +5,14 @@
- 系统 ID: `symfony`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `9`
- 近 30 天新增/更新: `9`
- 重点 Markdown 案例数: `9`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `9`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,12 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CSV Injection in symfony/serializer | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T21:59:52.395727Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41270.md) |
| Cookie persistence after password changes in symfony/security-bundle | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:23.582059Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41268.md) |
| Webcache Poisoning in symfony/http-kernel | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:11.423907Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41267.md) |
| Authentication granted to all firewalls instead of just one | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:01:16.333089Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-32693.md) |
| Prevent user enumeration using Guard or the new Authenticator-based Security | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:16:14.858636Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-21424.md) |
| RCE in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:38.594283Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-15094.md) |
| Firewall configured with unanimous strategy was not actually unanimous in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:16:03.504887Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5275.md) |
| Exceptions displayed in non-debug configurations in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:59.230149Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5274.md) |
| Prevent cache poisoning via a Response Content-Type header in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:01:08.748385Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5255.md) |
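Review bot: All nine added rows carry severity `low`, including "RCE in Symfony" (symfony-cve-2020-15094) and "Authentication granted to all firewalls instead of just one" (symfony-cve-2021-32693). A single value across such different issue classes suggests a default is written when no score was parsed. Emit `unknown`, as the triage rows elsewhere in this commit do, until the severity is read from the advisory itself. The `No advisories yet` placeholder row is also still present above the real rows and should be dropped once the table is non-empty.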

View file

@@ -5,14 +5,14 @@
- 系统 ID: `undici`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 总案例数: `16`
- 近 30 天新增/更新: `7`
- 重点 Markdown 案例数: `15`
- 已实证(真实版本): `7`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `9`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,19 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T22:58:59.936049Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T22:58:58.908047Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T22:58:58.996775Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T23:58:57.714731Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T22:58:59.863318Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T22:58:59.626657Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
| CVE-2026-21636 | `critical` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-01-30T20:20:56.843` | - |
| Undici vulnerable to data leak when using response.arrayBuffer() | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-07-09T13:57:47.271493Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-38372.md) |
| Undici proxy-authorization header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-05-02T13:15:07Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-24758.md) |
| fetch(url) leads to a memory leak in undici | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-19T09:30:47Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-24750.md) |
| CRLF Injection in Nodejs ‘undici’ via host | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-12-16T15:26:50.318903Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-23936.md) |
| Regular Expression Denial of Service in Headers | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:11:48.635999Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-24807.md) |
| Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:53.836338Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-35948.md) |
| `undici.request` vulnerable to SSRF using absolute URL on `pathname` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:53.898548Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-35949.md) |
| undici before v5.8.0 vulnerable to CRLF injection in request headers | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:27.728154Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31150.md) |
| ProxyAgent vulnerable to MITM | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
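Review bot: Every case link in the added rows is an absolute path on the author's machine (`/Users/x/websafe/07-framework-security/...`), so it will not resolve in any other checkout or in the rendered repository view, and it commits a local directory layout into the index. Generate the link relative to the index file instead. Separately, the only `critical` row (CVE-2026-21636) is the one row without a case page and is still in `triage`; it should be handled before the `low` rows around it.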

View file

@@ -4,8 +4,8 @@ system_id: "undici"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-13T20:07:03Z"
updated_date: "2026-03-14T09:19:54.772219Z"
severity: "medium"
updated_date: "2026-03-18T22:58:59.626657Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "verified-real"
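Review bot: `severity` goes from `"medium"` to `"low"` here with no other change than `updated_date`, and the same rewrite to `low` appears in every other undici case file in this commit (from `high` for CVE-2026-1526, CVE-2026-1528 and CVE-2026-2229, from `medium` for CVE-2026-1527 and CVE-2026-2581). A blanket downgrade during a re-render looks like a fallback value overwriting the stored rating rather than a re-assessment. Either record which source the new rating comes from next to `primary_source`, or keep the previous value when the renderer cannot parse one; a case marked `verified-real` should not lose its severity silently.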
@@ -50,7 +50,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-
- Canonical ID: `undici--CVE-2026-1525`
- 系统: `undici`
- 严重度: `medium`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm
- 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
@@ -58,9 +58,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-
## 其他来源
- https://cna.openjsf.org/security-advisories.html
- https://nvd.nist.gov/vuln/detail/CVE-2026-1525
- https://hackerone.com/reports/3556037
- https://cna.openjsf.org/security-advisories.html
- https://cwe.mitre.org/data/definitions/444.html
- https://github.com/nodejs/undici
- https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6

View file

@@ -4,8 +4,8 @@ system_id: "undici"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-13T20:41:56Z"
updated_date: "2026-03-13T20:54:25.563997Z"
severity: "high"
updated_date: "2026-03-18T22:58:59.936049Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "verified-real"
@@ -50,7 +50,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-
- Canonical ID: `undici--CVE-2026-1526`
- 系统: `undici`
- 严重度: `high`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q
- 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
@@ -58,9 +58,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-
## 其他来源
- https://cna.openjsf.org/security-advisories.html
- https://nvd.nist.gov/vuln/detail/CVE-2026-1526
- https://hackerone.com/reports/3481206
- https://cna.openjsf.org/security-advisories.html
- https://datatracker.ietf.org/doc/html/rfc7692
- https://github.com/nodejs/undici
- https://owasp.org/www-community/attacks/Denial_of_Service

View file

@@ -4,8 +4,8 @@ system_id: "undici"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-13T20:41:26Z"
updated_date: "2026-03-13T20:54:25.572106Z"
severity: "medium"
updated_date: "2026-03-18T22:58:58.996775Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "verified-real"
@@ -49,7 +49,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-
- Canonical ID: `undici--CVE-2026-1527`
- 系统: `undici`
- 严重度: `medium`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq
- 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
@@ -57,9 +57,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-
## 其他来源
- https://cna.openjsf.org/security-advisories.html
- https://nvd.nist.gov/vuln/detail/CVE-2026-1527
- https://hackerone.com/reports/3487198
- https://cna.openjsf.org/security-advisories.html
- https://github.com/nodejs/undici
## 实验层

View file

@@ -4,8 +4,8 @@ system_id: "undici"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-13T20:07:26Z"
updated_date: "2026-03-14T09:17:45.838435Z"
severity: "high"
updated_date: "2026-03-18T22:58:59.863318Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "verified-real"
@@ -49,7 +49,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-
- Canonical ID: `undici--CVE-2026-1528`
- 系统: `undici`
- 严重度: `high`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj
- 影响版本: `introduced=6.0.0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
@@ -57,9 +57,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-
## 其他来源
- https://cna.openjsf.org/security-advisories.html
- https://nvd.nist.gov/vuln/detail/CVE-2026-1528
- https://hackerone.com/reports/3537648
- https://cna.openjsf.org/security-advisories.html
- https://github.com/nodejs/undici
## 实验层

View file

@@ -4,8 +4,8 @@ system_id: "undici"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-13T20:41:41Z"
updated_date: "2026-03-13T20:54:26.149214Z"
severity: "high"
updated_date: "2026-03-18T22:58:58.908047Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "verified-real"
@@ -50,7 +50,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-
- Canonical ID: `undici--CVE-2026-2229`
- 系统: `undici`
- 严重度: `high`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8
- 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
@@ -58,9 +58,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-
## 其他来源
- https://cna.openjsf.org/security-advisories.html
- https://nvd.nist.gov/vuln/detail/CVE-2026-2229
- https://hackerone.com/reports/3487486
- https://cna.openjsf.org/security-advisories.html
- https://datatracker.ietf.org/doc/html/rfc7692
- https://github.com/nodejs/undici
- https://nodejs.org/api/zlib.html#class-zlibinflateraw

View file

@@ -4,8 +4,8 @@ system_id: "undici"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-13T20:37:58Z"
updated_date: "2026-03-13T20:54:25.417862Z"
severity: "medium"
updated_date: "2026-03-18T23:58:57.714731Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "verified-real"
@@ -47,7 +47,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-
- Canonical ID: `undici--CVE-2026-2581`
- 系统: `undici`
- 严重度: `medium`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h
- 影响版本: `introduced=7.17.0, fixed<7.24.0`
@@ -55,9 +55,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-
## 其他来源
- https://cna.openjsf.org/security-advisories.html
- https://nvd.nist.gov/vuln/detail/CVE-2026-2581
- https://hackerone.com/reports/3513473
- https://cna.openjsf.org/security-advisories.html
- https://github.com/nodejs/undici
## 实验层

View file

@@ -5,14 +5,14 @@
- 系统 ID: `vite`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `42`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 重点 Markdown 案例数: `16`
- 已实证(真实版本): `12`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `30`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,49 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
| Vite's `server.fs.deny` did not deny requests for patterns with directories. | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-05T01:28:39.527659Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-31207.md) |
| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
| Vite XSS vulnerability in `server.transformIndexHtml` via URL payload | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-12-06T00:11:36.913866Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2023-49293.md) |
| Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-08-09T19:14:57Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2023-34092.md) |
| Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-09-23T19:18:33Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2022-35204.md) |
| Pull requests
191 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Any websites were able to send any requests to the development server and read the response | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
15 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs.deny` bypassed with `\` on Windows | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| vitejs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
79.1k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Files starting with the same name with the public directory were served | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs.deny` bypassed with `/.` for files under project `root` | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
478 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| vite | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs.deny` bypassed with `.svg` or relative paths | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs.deny` bypassed with an invalid `request-target` | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `server.fs` settings was not applied to HTML files | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| server.fs.deny bypassed when using `?raw??` | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
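Review bot: The 26 `triage` rows from "Pull requests 191" down to "Actions" are not new advisories. Sixteen are GitHub page chrome ("Sign up", "Star 79.1k", "Skip to content", "Next", and so on), and the other ten appear to restate advisories already listed above with a CVE case page, for example "`server.fs.deny` bypassed with `\` on Windows" against vite-cve-2025-62522. They account for 26 of the 42 in `总案例数` and 26 of the 30 in `待人工/缺浏览器证据`. Key rows on the advisory identifier (GHSA or CVE) so scraped titles merge into the existing case, and reject any candidate that has none. The multi-line cells ("Pull requests" / "191") also break the Markdown table, so cell text needs newlines stripped before rendering.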

View file

@@ -5,14 +5,14 @@
- 系统 ID: `vue`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `15`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `15`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,22 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-10-24T19:12:14.925352Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vue/cases/vue-cve-2024-9506.md) |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
350 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
53.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| core | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
642 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| vuejs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| security@vuejs.org | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
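Review bot: Only the first added row (vue-cve-2024-9506) is an advisory; the 14 rows after it are link text from the repository page, including the contact address `security@vuejs.org` entered as a case title. The summary hunk for this file reports `总案例数: 15` and `待人工/缺浏览器证据: 15` on that basis, so the manual-review queue is overstated by 14. Count a row only when it has an advisory identifier and a non-empty `更新时间`; every junk row here has an empty timestamp, which is a cheap filter to add.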

View file

@@ -5,14 +5,14 @@
- 系统 ID: `webpack`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2026-27903 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-02-27T17:21:22.370` | - |

View file

@@ -5,14 +5,14 @@
- 系统 ID: `werkzeug`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `1`
- 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Werkzeug safe_join() allows Windows special device names | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23T23:43:27.690386Z` | [link](/Users/x/websafe/07-framework-security/frameworks/werkzeug/cases/werkzeug-cve-2026-27199.md) |

View file

@@ -5,14 +5,14 @@
- 系统 ID: `adminer`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 总案例数: `2`
- 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -30,4 +30,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2026-25892 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-02-20T20:24:32.147` | - |
| CVE-2026-25878 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-02-28T00:18:44.953` | - |

View file

@@ -5,14 +5,14 @@
- 系统 ID: `gitea`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `13`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `13`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,19 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
224 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| gitea | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| go-gitea | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
2.6k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
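Review bot: None of the 13 added rows is an advisory; all of them are navigation labels ("Notifications", "Sign in", "Security 0", "Issues 2.6k"). The "Security 0" cell suggests the scraper reached a page with no published advisories and harvested its links instead. The index should fail closed in that case: keep `总案例数` at `0`, leave the `No advisories yet` row as the only entry, and record the fetch as empty rather than queueing 13 items under `待人工/缺浏览器证据`.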

View file

@@ -5,14 +5,14 @@
- 系统 ID: `gitlab-ce`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `55`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `55`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,82 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| MIT License | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| View all Solutions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| AI-Assisted Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 Branches | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Team | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Software Supply Chain Security | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Customer portal | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jobs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Value Stream Management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitLab Services | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get free trial | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Learn | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 1,753 Commits | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Application Security Testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Trust Center | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Customer success stories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Blog | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights for the future of software development
Read the latest | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Analytics & Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Integrations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Handbook | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Product documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Source Code Management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Enterprise | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Partners | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| AI Transparency Center | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Support portal | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Press | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Quick start guides | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Code Suggestions (AI) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Small Business | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Community | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Automated Software Delivery | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| README | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Leadership | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Best practice videos | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Install | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Why GitLab
See the top reasons enterprises choose GitLab
Learn more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Remote | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Investor relations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Forum | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CI/CD | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 0 Tags | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| View all resources | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Software Compliance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Visibility & Measurement | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitLab Duo Agent Platform
Agentic AI for the entire software lifecycle
Meet GitLab Duo | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pricing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Talk to sales | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Public Sector | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Platform
The intelligent orchestration platform for DevSecOps
Explore our Platform | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
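
Review bot: The rows at the end of this table are site navigation and marketing links, not advisories (`Press`, `Sign in`, `Pricing`, `Talk to sales`), so the link extractor is ingesting page chrome as cases. Restrict ingestion to anchors inside the advisory listing and drop any entry that carries no advisory identifier or CVE. Titles such as `Why GitLab` and `Platform` also span three physical lines, which breaks the Markdown row; collapse whitespace in titles before rendering.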

@@ -5,14 +5,14 @@
- 系统 ID: `grafana`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `60`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `60`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
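
Review bot: `总案例数` and `待人工/缺浏览器证据` both go from `0` to `60` here, but the 60 rows added to the case list in the next hunk are product and integration links, so the counters now report 60 pending advisories where none has been identified. Count only rows that pass an advisory check, and keep the `No advisories yet` placeholder while that count is zero.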
@@ -31,4 +31,63 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| GitLab | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Beyla eBPF auto-instrumentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kubernetes Monitoring Get K8s health, performance, and cost monitoring from cluster to container | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| All | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Application Observability Monitor application performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Infrastructure observability Ensure infrastructure health and performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contact us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Performance testing Powered by Grafana k6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana k6 Load testing for engineering teams | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| MySQL | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kafka | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| MongoDB | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Faro Frontend application observability web SDK | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Dashboard templates Try out and share prebuilt visualizations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| All monitoring and visualization integrations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Traces powered by Grafana Tempo | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Synthetic Monitoring powered by Grafana k6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Plugins Connect Grafana to data sources, apps, and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| MongoDB | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| AI/ML insights Identify anomalies and reduce toil | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Windows | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Incident Response & Management Detect and respond to incidents with a simplified workflow | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| AppDynamics | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Datadog | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Pyroscope Scalable continuous profiling backend | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Logs powered by Grafana Loki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana for visualization | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Google Cloud | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Alloy OpenTelemetry Collector distribution with Prometheus pipelines | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Docker | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SLO management Create SLOs and error budget alerts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RabbitMQ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Snowflake | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| New Relic | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Prometheus Monitor Kubernetes and cloud native | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Create free account | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Tempo High-scale distributed tracing backend | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Metrics powered by Grafana Mimir and Prometheus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Linux | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Loki Multi-tenant log aggregation system | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Graphite Scalable monitoring for time series data | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Prometheus exporters Get your metrics into Prometheus quickly | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jira | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Postgres | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenTelemetry Instrument and collect telemetry data | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Oracle | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Query, visualize, and alert on data | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Salesforce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Mimir Scalable and performant metrics backend | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| AWS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Frontend Observability Gain real user monitoring insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contextual root cause analysis Automated anomaly correlation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| On-call management Flexible on-call management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Alerting Trigger alerts from any data source | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Splunk | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Incident response Routine task automation for incidents | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Application Observability Monitor application performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| All monitoring integrations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Microsoft Azure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
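
Review bot: None of the added rows is an advisory: the first one is `GitLab` inside the `grafana` list, and the rest are product, integration and call-to-action links (`Create free account`, `Contact us`, `Jenkins`, `Splunk`). `MongoDB` and `Application Observability Monitor application performance` each appear twice, so there is no de-duplication by URL or title either. Require an advisory identifier before a row is written, de-duplicate on the source URL, and do not assign `official` confidence from the host name alone.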

@@ -5,14 +5,14 @@
- 系统 ID: `jenkins`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `60`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `60`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,63 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Git Parameter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| JDepend | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User1st uTester | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Overview | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Statistics Gatherer | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Coverage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2025-09-17 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| global-build-stats | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2025-07-09 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Issues | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| ByteGuard Build Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Home | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vulnerabilities and Scoring | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2026-02-18 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Git client | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RSS feed. | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Aqua Security Scanner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Eggplant Runner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Credentials Binding | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| LoadNinja | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Curseforge Publisher | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SAML | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Testsigma Test Plan run | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Start Windocks Containers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2025-10-29 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jakarta Mail API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Extensible Choice Parameter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Publish to Bitbucket | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Apica Loadtest | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2026-03-18 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| BlazeMeter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How We Fix Security Issues | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kryptowire | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Reporting Vulnerabilities | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| IBM Cloud DevOps | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Terminology | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sensedia Api Platform tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins CNA | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2025-12-10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HashiCorp Vault | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| MCP Server | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Advisories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| IFTTT Build Notifier | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenShift Pipeline | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Nexus Task Runner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Overview | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| ReadyAPI Functional Testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory Schedule | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Redpen - Pipeline Reporter for Jira | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| QMetry Test Management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contributions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Nouvola DiveCloud | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HTML Publisher | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Themis | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenTelemetry | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vulnerabilities in Plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2025-09-03 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Applitools Eyes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Dead Man's Snitch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
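
Review bot: Real advisory pages (`Jenkins Security Advisory 2026-03-18`, `Jenkins Security Advisory 2025-09-17`) are mixed in with plugin names and site pages (`Overview` twice, `RSS feed.`, `About`, `Contributions`), and every row gets the same `unknown` / `triage` values. Keep one row per dated advisory, record plugin names as affected components of that advisory instead of separate cases, and fill `更新时间` from the date already present in the advisory title rather than leaving it empty.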

@@ -5,14 +5,14 @@
- 系统 ID: `kibana`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `41`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `41`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,44 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-13) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-04) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-34) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 9.3.1 Security Update (ESA-2026-17) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| next page → | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-28) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.11, 9.2.5 Security Update (ESA-2026-14) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Announcements | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Synthetics Recorder 1.4.15 Security Update (ESA-2026-16) - CVE-2025-6554 and CVE-2025-7657 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Guidelines | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Announcements | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-10) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.7, 9.1.7, and 9.2.1 Security Update (ESA-2025-24) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.11, 9.2.5 Security Update (ESA-2026-15) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Elasticsearch 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-37) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-03) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-35) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Packetbeat 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-02) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-08) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.7, 9.1.7, and 9.2.1 Security Update (ESA-2025-39) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Terms of Service | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Privacy Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Trademarks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-38) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Categories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discuss the Elastic Stack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Packetbeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-30) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Metricbeat 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-01) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.7, 9.1.7, 9.2.1 Security Update (ESA-2025-25) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Elasticsearch 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-33) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About the Security Announcements category | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Brand | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-36) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Elasticsearch 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-27) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Packetbeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-31) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-12) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-05) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Filebeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-32) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Code of Conduct | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Packetbeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-29) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Elasticsearch 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-07) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
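
Review bot: The `kibana` list takes in announcements for other products (Elasticsearch, Packetbeat, Metricbeat, Filebeat, Synthetics Recorder) together with forum chrome (`next page →`, `Terms of Service`, `Privacy Policy`, `Code of Conduct`). Filter on the product name in the title, follow the pagination link instead of storing it as a case, and use the ESA identifier in each title as the row key. The Synthetics Recorder title shows that CVE identifiers are available in the source text, so they can be parsed into their own field instead of leaving severity and update time blank.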

@@ -5,14 +5,14 @@
- 系统 ID: `mattermost`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `20`
- 近 30 天新增/更新: `19`
- 重点 Markdown 案例数: `20`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `20`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
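
Review bot: `总案例数` and `重点 Markdown 案例数` are set to `20` while `近 30 天新增/更新` is `19`; the difference is the `Issue Identifier` row in the next hunk, which is the source table's header and not a case. Skip the header when parsing so that the totals come out at 19 and agree with the dated rows.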
@@ -27,9 +27,29 @@
- `official` [Mattermost Security Updates](https://mattermost.com/security-updates/) (mode=core)
- `official` [NVD Mattermost](https://nvd.nist.gov/vuln/search) (keyword=Mattermost; mode=core)
- `official` [Mattermost Security Updates JSON](https://securityupdates.mattermost.com/security_updates.json) (mode=core)
- `ecosystem-authority` [OSV Mattermost](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Issue Identifier | `severity` | `generated` | `triage-manual` | `synthetic` | `official` | `Fix Release Date` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-issue-identifier.md) |
| MMSA-2025-00553 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-4265.md) |
| MMSA-2026-00574 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00574.md) |
| MMSA-2026-00603 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00603.md) |
| MMSA-2026-00624 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00624.md) |
| MMSA-2026-00625 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00625.md) |
| MMSA-2026-00610 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-10` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00610.md) |
| MMSA-2026-00611 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-10` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00611.md) |
| MMSA-2026-00621 | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-05` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00621.md) |
| MMSA-2025-00562 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2025-00562.md) |
| MMSA-2026-00584 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00584.md) |
| MMSA-2026-00589 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00589.md) |
| MMSA-2026-00593 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00593.md) |
| MMSA-2026-00594 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00594.md) |
| MMSA-2026-00598 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00598.md) |
| MMSA-2026-00599 | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00599.md) |
| MMSA-2025-00566 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2025-00566.md) |
| MMSA-2026-00578 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00578.md) |
| MMSA-2026-00590 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00590.md) |
| MMSA-2026-00595 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00595.md) |
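
Review bot: The `案例页` links are absolute paths on the author's machine (`/Users/x/websafe/07-framework-security/...`), so they resolve nowhere else and publish a local directory layout; emit paths relative to this index file. The first row, `Issue Identifier | severity | ... | Fix Release Date`, is the upstream table header written out as a case with its own case page and should be dropped. `MMSA-2025-00553` links to `mattermost-cve-2026-4265.md` while every other file is named after its MMSA identifier; pick one key for file names so that lookups by identifier work.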

@@ -5,14 +5,14 @@
- 系统 ID: `phpmyadmin`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `50`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `50`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -26,9 +26,61 @@
- `official` [phpMyAdmin Security Page](https://www.phpmyadmin.net/security/) (mode=core)
- `official` [NVD phpMyAdmin](https://nvd.nist.gov/vuln/search) (keyword=phpMyAdmin; mode=core)
- `ecosystem-authority` [OSV phpMyAdmin](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| PMASA-2022-2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2017-9 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| phpMyAdmin security team | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2017-6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2019-5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2019-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download 5.2.3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2019-3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2019-2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| sponsorship program | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2023-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| donating
to our project | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| phpMyAdmin keyring | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2019-4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contribute | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Keybase | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2022-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Support | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2025-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| issue
tracker | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2017-7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security (current) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Docs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-8 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2025-3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| phpMyAdmin | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Try demo | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2017-8 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| hardening label | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2025-2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Try | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RSS feed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
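
Review bot: The file declares `覆盖策略: rolling-24m`, yet the added rows reach back to `PMASA-2017-6` and `PMASA-2018-1`, so the coverage window is not applied at ingestion. Derive the year from the PMASA identifier, or the date from the advisory page, and drop entries outside the window. Navigation entries (`Download 5.2.3`, `Try demo`, `sponsorship program`, `RSS feed`) should be filtered out by requiring a PMASA identifier, and the titles `donating` / `to our project` and `issue` / `tracker` contain a line break that splits the table row in two.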

@@ -5,14 +5,14 @@
- 系统 ID: `redmine`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `50`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `50`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
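
Review bot: `总案例数` and `待人工/缺浏览器证据` are both raised to `50`, but the rows added in the next hunk are wiki chrome and bare version strings (`96 revisions`, `Koya Masuda`, `Register`, `6.0.7`, `5.1.12 (2026-03-16)`), not advisories. The version numbers look like the fixed-in column of the advisories table; parse that table row by row so that each case keeps its description and fixed versions together, and count cases only after that step.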
@@ -26,9 +26,59 @@
- `official` [Redmine Security Advisories](https://www.redmine.org/projects/redmine/wiki/Security_Advisories) (mode=core)
- `official` [NVD Redmine](https://nvd.nist.gov/vuln/search) (keyword=Redmine; mode=core)
- `ecosystem-authority` [OSV Redmine](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| 96 revisions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Koya Masuda | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0.7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.12 (2026-03-16) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| All Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.1.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.11 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0.8 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Help | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Changelog | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Register | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Forums | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User's Guide | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Repository | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.3.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.0.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.1.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.2.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.12 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.0.13 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Privacy Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer's Guide | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Index by title | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Start page | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Overview | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| FAQ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0.9 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Roadmap | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Index by date | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.1.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.9 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.1.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Search | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Holger Just | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Redmine Security Scanner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.0.14 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HowTo's | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Activity | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
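Review bot: none of the 50 rows added to the `redmine` case list is an advisory; the titles are site chrome (`Sign in`, `Register`, `Privacy Policy`), bare version numbers (`6.0.7`, `5.1.11`) and contributor names (`Koya Masuda`, `Holger Just`), all with severity `unknown` and an empty update time. The collector appears to treat every link text on the Security_Advisories wiki page as a case; it should read the advisory table rows instead, and `5.1.12 (2026-03-16)` and `5.1.12` should not become two entries.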

View file

@@ -5,14 +5,14 @@
- 系统 ID: `apache-httpd`
- 分类: `servers`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `135`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `135`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
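Review bot: `总案例数` and `待人工/缺浏览器证据` both go to `135`, which is the raw number of rows in the table further down this file, including entries such as `¶`, `Thanks!` and `Download!`. Compute these counters after non-advisory rows are filtered out, otherwise the manual-triage backlog is overstated.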
@@ -32,4 +32,138 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Apache HTTP Server Improper Escaping of Output Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-22` | - |
| Apache HTTP Server-Side Request Forgery (SSRF) | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2021-12-15` | - |
| Apache HTTP Server Privilege Escalation Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2022-05-03` | - |
| Apache HTTP Server Path Traversal Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2021-11-17` | - |
| Apache HTTP Server Path Traversal Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2021-11-17` | - |
| CVE-2007-1860 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1742 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1743 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1741 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1842 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1801 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1720 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1633 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1577 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1524 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0450 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-7098 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0637 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0419 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0173 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0086 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0098 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6869 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6613 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6445 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6390 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6047 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5894 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5733 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5263 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-4625 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4636 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4558 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4191 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4004 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3918 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2330 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3630 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4814 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2088 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2115 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2343 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-0646 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-0113 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2003-0249 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2003-1307 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2003-1418 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-1793 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-2007 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-1157 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-0240 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2001-1556 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2000-1168 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2000-0505 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-1999-1412 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| libapreq | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Trunk | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-59775 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2022-28330 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-38473 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Flood | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Mailing Lists | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-40725 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-38472 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-66200 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-54090 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| impact rating | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-47252 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-23048 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-55753 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sponsorship | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| FAQ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| mod_fcgid | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Miscellaneous | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-43204 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download! | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Apache Traffic Control | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User Support | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Trunk (dev) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APR | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contributors | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2023-27522 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2023-43622 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-42516 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-40898 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Version 2.4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2023-25690 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2006-20001 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-24795 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| mod_perl | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-53020 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-27316 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Reports | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-65082 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2023-38709 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Apache Traffic Server | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-39573 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2022-30556 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Test | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| General Information | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-49630 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| mod_ftp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2022-36760 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-58098 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-43394 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-36387 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2023-31122 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2022-26377 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Thanks! | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2022-28615 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| License | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Docs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-38474 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer Info | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Bug Reports | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-38477 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2022-29404 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Apache httpd 2.2 vulnerabilities list | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2022-37436 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get Involved | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| ¶ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2023-45802 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-38476 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2.4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-39884 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Privacy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2022-28614 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Modules | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2024-38475 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2022-30522 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-49812 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
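Review bot: the two `Apache HTTP Server Path Traversal Vulnerability` rows near the top of the table are identical in every column (`critical`, `2021-11-17`), and with no CVE id in the row there is no way to tell them apart or deduplicate them; carry the CVE id as its own column for these entries. The update-time column also mixes `2025-05-22` with `2025-04-09T00:30:58.490` and is empty for the later rows, so normalise it to one format. Rows such as `Tomcat`, `Apache Traffic Server`, `Mailing Lists` and `¶` are link text, not httpd advisories.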

View file

@@ -5,14 +5,14 @@
- 系统 ID: `apache-tomcat`
- 分类: `servers`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `136`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `136`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,139 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Apache Tomcat Path Equivalence Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-22` | - |
| Apache Tomcat Remote Code Execution Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2023-06-02` | - |
| Apache Tomcat on Windows Remote Code Execution Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2022-04-15` | - |
| Apache Tomcat Remote Code Execution Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2022-04-15` | - |
| Apache Tomcat Improper Privilege Management Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2022-03-17` | - |
| Cisco HyperFlex HX Data Platform Command Injection Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2021-11-17` | - |
| CVE-2008-1232 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-1947 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-5333 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-6286 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-0002 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-0457 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-0128 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-5342 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-5461 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-4724 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-3382 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-3385 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-3386 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-3384 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-3383 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-2449 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-2450 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1860 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-7195 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-7196 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1358 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1858 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-7197 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0450 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1491 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0774 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-3835 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1753 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1754 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4703 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4836 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3510 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3164 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0808 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-1567 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-1394 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-1895 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-2006 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-2007 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-2008 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-2009 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-2272 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-0935 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-0493 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-0682 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2000-1210 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2001-0829 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2001-0590 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2000-0759 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2000-0760 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| 5053fa82 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-48989 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-48988 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Taglibs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 238d2aa5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat 9 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| af6e9181 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2aa62612 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat 9.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2026-24734 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Presentations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2026-24733 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 130d36d8 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat 10.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat Native | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat Native 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| building.html | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 667ddd76 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 8621e4c6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat Connectors | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-52520 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Which version? | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Mailing Lists | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 73c04a10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Who We Are | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Bug Database | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Maven Plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Legal | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-61795 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-49125 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat Connectors | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-48976 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Considerations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 972f9a5e | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 138d7f5c | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat Native 1.3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| security impact rating | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contact | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Home | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-55754 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Blog | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-31651 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 066bf6b6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-66614 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Migration Guide | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat 11.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| BUILDING.txt | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-55752 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Heritage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-55668 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Overview | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat 10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat 11 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Reports | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| end of life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Twitter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Fixed in Apache Tomcat 10.1.52 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| YouTube | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-31650 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| cdde8e65 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-46701 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Buildbot | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Source code | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2c680011 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Taglibs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Resources | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 7617b9c2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Upgrading | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Find help | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| e0e07812 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| fc42bbcc | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-49124 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| FAQ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 711b465c | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Archives | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tomcat Migration Tool for Jakarta EE | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Swag | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-53506 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
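Review bot: Most rows in this part of the table are not advisories. Titles such as `Contact`, `Home`, `Blog`, `Twitter`, `YouTube` and `Swag` are site navigation text, and `066bf6b6`, `cdde8e65` and `2c680011` are bare commit hashes, yet each is counted as a `triage` case with `official` source confidence. Filter the scrape down to entries that carry an identifier (the `CVE-2025-55754`-style rows) and record each commit hash as a reference on the CVE it belongs to rather than as its own case. The CVE rows also need a severity and an update time, which are `unknown` and empty here.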

View file

@@ -5,14 +5,14 @@
- 系统 ID: `caddy`
- 分类: `servers`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 总案例数: `27`
- 近 30 天新增/更新: `6`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `27`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,33 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-27T19:55:10Z` | - |
| Caddy is vulnerable to cross-origin config application via local admin API /load | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-27T19:54:36Z` | - |
| Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-27T19:53:54Z` | - |
| Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-27T19:53:17Z` | - |
| Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-27T19:52:41Z` | - |
| Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protections | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-27T19:51:57Z` | - |
| Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| mTLS client authentication silently fails open when CA certificate file is missing or malformed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| caddy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| caddyserver | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper sanitization of glob characters in file matcher may lead to bypassing security protections | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
201 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
8 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| vars_regexp double-expands user input, leaking env vars and files | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| cross-origin config application via local admin API /load (caddy) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
46 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
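Review bot: The six `generated` advisories at the top of this table are listed a second time further down as `triage` rows with `unknown` severity and an empty timestamp (the MatchHost and MatchPath titles verbatim; the mTLS, glob, cross-origin `/load` and split_path titles with slightly different wording), so 总案例数 `27` double-counts them. Deduplicate on the advisory identifier instead of on title text, and drop the page chrome that is also being counted (`Notifications`, `Sign up`, `Sign in`, `Skip to content`, `Report a vulnerability`).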

View file

@@ -5,14 +5,14 @@
- 系统 ID: `haproxy`
- 分类: `servers`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `6`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `6`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,9 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Omnissa Horizon alternative: how HAProxy solves UDP load balancing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 25 Feb 2026 14:00:00 +0000` | - |
| Don't panic: a low-risk strategy for Ingress NGINX retirement | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 19 Feb 2026 09:00:00 +0000` | - |
| Announcing HAProxy Fusion 2.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 16 Mar 2026 08:00:00 +0000` | - |
| Load balancing VMware Horizon's UDP and TCP traffic: a guide with HAProxy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 27 Feb 2026 09:59:00 +0000` | - |
| Securing 80,000 transactions per second at Infobip with HAProxy Enterprise WAF | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 27 Feb 2026 00:00:00 +0000` | - |
| Streamlining your NIS2 and DORA compliance solution with HAProxy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 13 Mar 2026 12:00:00 +0000` | - |
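Review bot: None of the six rows added here describes a vulnerability. The titles are blog and product posts (`Announcing HAProxy Fusion 2.0`, `Streamlining your NIS2 and DORA compliance solution with HAProxy`), and the 更新时间 values are feed-style dates such as `Mon, 16 Mar 2026 08:00:00 +0000` where the other tables use ISO 8601. Either point the collector at a security source or leave the table at `No advisories yet`; as written, 总案例数 `6` reports cases that are not advisories.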

View file

@@ -5,14 +5,14 @@
- 系统 ID: `nginx`
- 分类: `servers`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `110`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `110`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -32,4 +32,113 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2019-18371 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:33:09.193` | - |
| CVE-2019-15517 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:28:54.740` | - |
| CVE-2019-13980 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:25:49.497` | - |
| CVE-2019-13617 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:25:22.417` | - |
| CVE-2019-13067 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:24:07.910` | - |
| CVE-2019-12938 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:23:51.743` | - |
| CVE-2019-12208 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:22:25.360` | - |
| CVE-2019-12207 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:22:25.223` | - |
| CVE-2019-12206 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:22:25.087` | - |
| CVE-2019-11839 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:21:52.253` | - |
| CVE-2019-11838 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:21:52.120` | - |
| CVE-2019-11837 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:21:51.960` | - |
| CVE-2019-9161 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:51:06.693` | - |
| CVE-2019-9945 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:52:38.800` | - |
| CVE-2018-11747 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:57.247` | - |
| CVE-2019-7401 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-08-12T17:24:44.367` | - |
| CVE-2018-16845 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:53:25.953` | - |
| CVE-2018-16844 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:53:25.810` | - |
| CVE-2018-16843 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:53:25.653` | - |
| CVE-2018-1000653 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:40:20.017` | - |
| CVE-2018-11046 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:42:33.560` | - |
| CVE-2018-12029 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:44:27.120` | - |
| CVE-2018-8059 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:13:12.287` | - |
| CVE-2018-1299 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:59:34.407` | - |
| CVE-2017-7529 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2017-8301 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-1247 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2016-4450 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2016-0747 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2016-0746 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2016-0742 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-3556 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-3616 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-0088 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-0133 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2013-4547 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2013-0337 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2013-2070 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2013-2028 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3380 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-4963 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2089 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-1180 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-4315 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-2266 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-2263 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2009-4487 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-3898 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-3896 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-2629 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| blog | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| gateway fabric | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| faq | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| community | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| ingress controller | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| download | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| news | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| community forum (new) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| books | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| here | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| njs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| x.com | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| about | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PGP public keys | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Watch the CNCF webinar: ingress-nginx and NGINX Ingress Controller | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| pgp | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| enterprise | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The patch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
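Review bot: Only the first 50 added rows carry an identifier. The remaining 60 use link text as the title (`Advisory`, `The patch`, `pgp`, `here`, `download`, `x.com`), repeated many times with `unknown` severity and no timestamp, so they cannot be told apart or triaged. Attach each `Advisory` and `The patch` link to the CVE row it belongs to as a reference and drop the navigation entries; that would bring 总案例数 from `110` down to the 50 CVE rows.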

View file

@@ -5,14 +5,14 @@
- 系统 ID: `traefik`
- 分类: `servers`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 总案例数: `43`
- 近 30 天新增/更新: `16`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `43`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,50 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Traefik: HTTP/2 frames can cause a running server to panic | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T03:09:48.127568Z` | - |
| Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-18T13:59:10.423590Z` | - |
| traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-05T22:46:31.066201Z` | - |
| Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS) | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-05T22:46:34.795238Z` | - |
| Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-05T22:46:37.079765Z` | - |
| Traefik affected by TLS ClientAuth Bypass on HTTP/3 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T10:47:38.380633Z` | - |
| Traefik: TCP readTimeout bypass via STARTTLS on Postgres | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-25T14:44:05.939193Z` | - |
| Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:52.435901Z` | - |
| Path Normalization Bypass in Traefik Router + Middleware Rules in github.com/traefik/traefik | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:45.825626Z` | - |
| Traefik Inverted TLS Verification Logic in ingress-nginx Provider in github.com/traefik/traefik | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:46.762301Z` | - |
| Traefik allows path traversal using url encoding in github.com/traefik/traefik | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:56:38.338929Z` | - |
| Traefik has a possible vulnerability with the path matchers in github.com/traefik/traefik | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:56:30.468018Z` | - |
| Traefik affected by Go HTTP Request Smuggling Vulnerability in github.com/traefik/traefik | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:56:31.085358Z` | - |
| Traefik affected by CVE-2024-53259 in github.com/traefik/traefik | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:56:09.454939Z` | - |
| HTTP client can manipulate custom HTTP headers that are added by Traefik in github.com/traefik/traefik | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:55:48.536445Z` | - |
| Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes in github.com/traefik/traefik | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:55:33.607072Z` | - |
| Issues
678 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| TCP readTimeout bypass via STARTTLS on Postgres | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Inverted TLS Verification Logic in Kubernetes NGINX Provider | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| traefik | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
35 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
95 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| traefik | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HTTP/2 frames can cause a running server to panic | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| ForwardAuth Middleware Allows Unbounded Response Body, Causing Potential Denial of Service | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| ACME TLS-ALPN fast path lacks timeouts and close on handshake stall | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Path Normalization Bypass in Traefik Router + Middleware Rules | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Case-Sensitive Bypass in Connection Header Allows Removal of X-Forwarded Headers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| TLS Handshake Error Handling Allows Stalled Connections on TCP Routers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| TLS ClientAuth Bypass on HTTP/3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
62.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
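Review bot: Several added titles contain a line break (`Issues` / `678`, `Security` / `35`, `Pull requests` / `95`, `Star` / `62.2k`), which splits the row across two lines and breaks the Markdown table at that point. Collapse whitespace in titles before rendering, and reject titles that are only a counter (`3`, `4`) or page chrome (`Sign in`, `Next`, `Projects`). Some `triage` titles also repeat `generated` rows above under shorter wording (`TLS ClientAuth Bypass on HTTP/3`, `TCP readTimeout bypass via STARTTLS on Postgres`), so those rows should be merged by identifier.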

View file

@@ -37,7 +37,7 @@
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-17T16:31:34.160932Z` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-18T22:02:16.858114Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` |
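Review bot: The last column mixes timestamp formats. The changed Next.js row uses `2026-03-18T22:02:16.858114Z`, while the neighbouring rows use `2025-04-09T00:30:58.490` (no zone), `2025-01-21` (date only) and an empty value for Medusa. Normalise to a single UTC ISO 8601 form when writing the index so the column sorts and compares consistently.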
@@ -57,7 +57,7 @@
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `3` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T06:27:26.115188Z` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `9` | `9` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:16:14.858636Z` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `43` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `2026-03-18T13:59:10.423590Z` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `16` | `15` | `2` | `seeded` | `real:7/synthetic:0/blocked:0` | `0` | `7` | `1` | `2026-03-14T09:19:54.772219Z` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `16` | `15` | `2` | `seeded` | `real:7/synthetic:0/blocked:0` | `0` | `7` | `1` | `2026-03-18T23:58:57.714731Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `42` | `16` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `26` | `2026-02-04T04:37:24.129476Z` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `15` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `14` | `2024-10-24T19:12:14.925352Z` |
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-02-27T17:21:22.370` |
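Review bot: The Traefik context row in this hunk shows `43` as its first count and `27` in the second-to-last column, but the traefik page changed in this same commit sets 待人工/缺浏览器证据 to `43`; the Nginx row, by contrast, agrees with its page (`110` and `110`). If the second-to-last column is the pending count, the Traefik row was not regenerated along with its page and should have been part of this change.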

View file

@@ -2698,6 +2698,278 @@
"refs": []
}
},
"undici--CVE-2026-2581": {
"canonical_id": "undici--CVE-2026-2581",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"summary": "## Impact\nThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when `interceptors.deduplicate()` is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\n## Patches\n\nThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\n\n## Workarounds\nIf upgrading immediately is not possible:\n\n- Disable `interceptors.deduplicate()` for affected clients/routes.\n- Use `skipHeaderNames` with a marker header to force high-risk requests to bypass deduplication.\n- Avoid concurrent identical requests to untrusted endpoints that may return very large/chunked bodies.\n- Apply upstream/proxy response-size and timeout limits.",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:37:58Z",
"updated_at": "2026-03-18T23:58:57.714731Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
"https://hackerone.com/reports/3513473",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-2581",
"GHSA-phc3-fgpg-7m6h"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"undici--CVE-2026-1526": {
"canonical_id": "undici--CVE-2026-1526",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"summary": "## Description\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a \"decompression bomb\") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive.\n\nThe vulnerability exists in the `PerMessageDeflate.decompress()` method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.\n\n## Impact\n\n- Remote denial of service against any Node.js application using undici's WebSocket client\n- A single compressed WebSocket frame of ~6 MB can decompress to ~1 GB or more\n- Memory exhaustion occurs in native/external memory, bypassing V8 heap limits\n- No application-level mitigation is possible as decompression occurs before message delivery\n\n### Patches\n\nUsers should upgrade to fixed versions.\n\n### Workarounds\n\nNo workaround are possible.",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:41:56Z",
"updated_at": "2026-03-18T22:58:59.936049Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"https://hackerone.com/reports/3481206",
"https://cna.openjsf.org/security-advisories.html",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://owasp.org/www-community/attacks/Denial_of_Service"
],
"aliases": [
"CVE-2026-1526",
"GHSA-vrm6-8vpv-qv8q"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"undici--CVE-2026-1528": {
"canonical_id": "undici--CVE-2026-1528",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"summary": "### Impact\nA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. \n\n### Patches\n\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nThere are no workarounds.",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:07:26Z",
"updated_at": "2026-03-18T22:58:59.863318Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"https://hackerone.com/reports/3537648",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-1528",
"GHSA-f269-vfmq-vjvj"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"undici--CVE-2026-1525": {
"canonical_id": "undici--CVE-2026-1525",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"summary": "### Impact\n\nUndici allows duplicate HTTP `Content-Length` headers when they are provided in an array with case-variant names (e.g., `Content-Length` and `content-length`). This produces malformed HTTP/1.1 requests with multiple conflicting `Content-Length` values on the wire.\n\n**Who is impacted:**\n - Applications using `undici.request()`, `undici.Client`, or similar low-level APIs with headers passed as flat arrays\n - Applications that accept user-controlled header names without case-normalization\n\n**Potential consequences:**\n - **Denial of Service**: Strict HTTP parsers (proxies, servers) will reject requests with duplicate `Content-Length` headers (400 Bad Request)\n - **HTTP Request Smuggling**: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\n If upgrading is not immediately possible:\n\n 1. **Validate header names**: Ensure no duplicate `Content-Length` headers (case-insensitive) are present before passing headers to undici\n 2. **Use object format**: Pass headers as a plain object (`{ 'content-length': '123' }`) rather than an array, which naturally deduplicates by key\n 3. **Sanitize user input**: If headers originate from user input, normalize header names to lowercase and reject duplicates",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:07:03Z",
"updated_at": "2026-03-18T22:58:59.626657Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"https://hackerone.com/reports/3556037",
"https://cna.openjsf.org/security-advisories.html",
"https://cwe.mitre.org/data/definitions/444.html",
"https://github.com/nodejs/undici",
"https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
],
"aliases": [
"CVE-2026-1525",
"GHSA-2mjp-6q6p-2qxm"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"request-smuggling-boundary"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"undici--CVE-2026-1527": {
"canonical_id": "undici--CVE-2026-1527",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"summary": "### Impact\n\nWhen an application passes user-controlled input to the `upgrade` option of `client.request()`, an attacker can inject CRLF sequences (`\\r\\n`) to:\n\n1. Inject arbitrary HTTP headers\n2. Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)\n\nThe vulnerability exists because undici writes the `upgrade` value directly to the socket without validating for invalid header characters:\n\n```javascript\n// lib/dispatcher/client-h1.js:1121\nif (upgrade) {\n header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n}\n```\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nSanitize the `upgrade` option string before passing to undici:\n\n```javascript\nfunction sanitizeUpgrade(value) {\n if (/[\\r\\n]/.test(value)) {\n throw new Error('Invalid upgrade value')\n }\n return value\n}\n\nclient.request({\n upgrade: sanitizeUpgrade(userInput)\n})\n```",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:41:26Z",
"updated_at": "2026-03-18T22:58:58.996775Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
"https://hackerone.com/reports/3487198",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-1527",
"GHSA-4992-7rv2-5pvq"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"undici--CVE-2026-2229": {
"canonical_id": "undici--CVE-2026-2229",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"summary": "### Impact\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the `server_max_window_bits` parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range `server_max_window_bits` value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.\n\nThe vulnerability exists because:\n\n1. The `isValidClientWindowBits()` function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15\n2. The `createInflateRaw()` call is not wrapped in a try-catch block\n3. The resulting exception propagates up through the call stack and crashes the Node.js process\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:41:41Z",
"updated_at": "2026-03-18T22:58:58.908047Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"https://hackerone.com/reports/3487486",
"https://cna.openjsf.org/security-advisories.html",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://nodejs.org/api/zlib.html#class-zlibinflateraw"
],
"aliases": [
"CVE-2026-2229",
"GHSA-v9p9-hfj2-hcw8"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2026-29057": {
"canonical_id": "nextjs--CVE-2026-29057",
"title": "Next.js: HTTP request smuggling in rewrites",
"summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T16:17:15Z",
"updated_at": "2026-03-18T22:02:16.858114Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-29057",
"https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v15.5.13",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-29057",
"GHSA-ggv3-7p47-pfv8"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"request-smuggling-boundary",
"dependency-upgrade-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"traefik--CVE-2026-29777": {
"canonical_id": "traefik--CVE-2026-29777",
"title": "Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values",
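Review bot: the `secure_code_topics` on the re-added records do not match what their summaries describe. `undici--CVE-2026-1526` (decompression bomb) and `undici--CVE-2026-1528` (frame-length overflow) are both tagged `ssrf-url-validation` and `proxy-trust-boundary`, and `nextjs--CVE-2026-29057` (request smuggling in rewrites) carries `token-cookie-storage`. Nothing in those summaries concerns URL validation or cookie storage, so the tags look like per-system defaults and should be derived per advisory. Also, `undici--CVE-2026-2229` is marked `"verification_status": "verified-real"` while its summary still contains the unfilled advisory template text under Patches and Workarounds (`_Has the problem been patched? ..._`), so no fixed version is recorded for it. Either fill that in from the official source or flag the record as incomplete.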
@@ -4522,46 +4794,6 @@
"refs": []
}
},
"nextjs--CVE-2026-29057": {
"canonical_id": "nextjs--CVE-2026-29057",
"title": "Next.js: HTTP request smuggling in rewrites",
"summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-17T16:17:15Z",
"updated_at": "2026-03-17T16:31:26.646070Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8",
"secondary_source_urls": [
"https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v15.5.13",
"https://github.com/vercel/next.js/releases/tag/v16.1.7"
],
"aliases": [
"CVE-2026-29057",
"GHSA-ggv3-7p47-pfv8"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"request-smuggling-boundary",
"dependency-upgrade-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "official-source",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2026-27978": {
"canonical_id": "nextjs--CVE-2026-27978",
"title": "Next.js: null origin can bypass Server Actions CSRF checks",
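Review bot: the `nextjs--CVE-2026-29057` record removed here is identical to the copy added earlier in the file except for `updated_at` and one extra NVD entry in `secondary_source_urls`. Because the records appear to be ordered by descending `updated_at`, every refresh relocates the whole object and a two-field change shows up as a 40-line delete plus a 40-line add. Keying the output in a stable order (for example by `canonical_id`) would keep field-level changes reviewable.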
@@ -4935,83 +5167,6 @@
"refs": []
}
},
"undici--CVE-2026-1525": {
"canonical_id": "undici--CVE-2026-1525",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"summary": "### Impact\n\nUndici allows duplicate HTTP `Content-Length` headers when they are provided in an array with case-variant names (e.g., `Content-Length` and `content-length`). This produces malformed HTTP/1.1 requests with multiple conflicting `Content-Length` values on the wire.\n\n**Who is impacted:**\n - Applications using `undici.request()`, `undici.Client`, or similar low-level APIs with headers passed as flat arrays\n - Applications that accept user-controlled header names without case-normalization\n\n**Potential consequences:**\n - **Denial of Service**: Strict HTTP parsers (proxies, servers) will reject requests with duplicate `Content-Length` headers (400 Bad Request)\n - **HTTP Request Smuggling**: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\n If upgrading is not immediately possible:\n\n 1. **Validate header names**: Ensure no duplicate `Content-Length` headers (case-insensitive) are present before passing headers to undici\n 2. **Use object format**: Pass headers as a plain object (`{ 'content-length': '123' }`) rather than an array, which naturally deduplicates by key\n 3. **Sanitize user input**: If headers originate from user input, normalize header names to lowercase and reject duplicates",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "medium",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:07:03Z",
"updated_at": "2026-03-14T09:19:54.772219Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"https://hackerone.com/reports/3556037",
"https://cwe.mitre.org/data/definitions/444.html",
"https://github.com/nodejs/undici",
"https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
],
"aliases": [
"CVE-2026-1525",
"GHSA-2mjp-6q6p-2qxm"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"request-smuggling-boundary"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"undici--CVE-2026-1528": {
"canonical_id": "undici--CVE-2026-1528",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"summary": "### Impact\nA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. \n\n### Patches\n\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nThere are no workarounds.",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "high",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:07:26Z",
"updated_at": "2026-03-14T09:17:45.838435Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"https://hackerone.com/reports/3537648",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-1528",
"GHSA-f269-vfmq-vjvj"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"traefik--GHSA-4hjq-9h5c-252j": {
"canonical_id": "traefik--GHSA-4hjq-9h5c-252j",
"title": "Traefik: HTTP/2 frames can cause a running server to panic",
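Review bot: `severity` changes silently as part of this move. The removed records have `"severity": "medium"` (`undici--CVE-2026-1525`) and `"severity": "high"` (`undici--CVE-2026-1528`), while the re-added copies both say `"severity": "low"`, with `"cvss_score": 3.1` unchanged in every copy. The new value is consistent with the score, but a severity downgrade on security records should not be hidden inside a relocation under a commit message that only counts files. Note in the commit which source the severity is now taken from.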
@@ -5954,160 +6109,6 @@
"refs": []
}
},
"undici--CVE-2026-2229": {
"canonical_id": "undici--CVE-2026-2229",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"summary": "### Impact\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the `server_max_window_bits` parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range `server_max_window_bits` value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.\n\nThe vulnerability exists because:\n\n1. The `isValidClientWindowBits()` function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15\n2. The `createInflateRaw()` call is not wrapped in a try-catch block\n3. The resulting exception propagates up through the call stack and crashes the Node.js process\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "high",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:41:41Z",
"updated_at": "2026-03-13T20:54:26.149214Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"https://hackerone.com/reports/3487486",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://nodejs.org/api/zlib.html#class-zlibinflateraw"
],
"aliases": [
"CVE-2026-2229",
"GHSA-v9p9-hfj2-hcw8"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"undici--CVE-2026-1527": {
"canonical_id": "undici--CVE-2026-1527",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"summary": "### Impact\n\nWhen an application passes user-controlled input to the `upgrade` option of `client.request()`, an attacker can inject CRLF sequences (`\\r\\n`) to:\n\n1. Inject arbitrary HTTP headers\n2. Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)\n\nThe vulnerability exists because undici writes the `upgrade` value directly to the socket without validating for invalid header characters:\n\n```javascript\n// lib/dispatcher/client-h1.js:1121\nif (upgrade) {\n header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n}\n```\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nSanitize the `upgrade` option string before passing to undici:\n\n```javascript\nfunction sanitizeUpgrade(value) {\n if (/[\\r\\n]/.test(value)) {\n throw new Error('Invalid upgrade value')\n }\n return value\n}\n\nclient.request({\n upgrade: sanitizeUpgrade(userInput)\n})\n```",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "medium",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:41:26Z",
"updated_at": "2026-03-13T20:54:25.572106Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
"https://hackerone.com/reports/3487198",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-1527",
"GHSA-4992-7rv2-5pvq"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"undici--CVE-2026-1526": {
"canonical_id": "undici--CVE-2026-1526",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"summary": "## Description\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a \"decompression bomb\") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive.\n\nThe vulnerability exists in the `PerMessageDeflate.decompress()` method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.\n\n## Impact\n\n- Remote denial of service against any Node.js application using undici's WebSocket client\n- A single compressed WebSocket frame of ~6 MB can decompress to ~1 GB or more\n- Memory exhaustion occurs in native/external memory, bypassing V8 heap limits\n- No application-level mitigation is possible as decompression occurs before message delivery\n\n### Patches\n\nUsers should upgrade to fixed versions.\n\n### Workarounds\n\nNo workaround are possible.",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "high",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:41:56Z",
"updated_at": "2026-03-13T20:54:25.563997Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"https://hackerone.com/reports/3481206",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://owasp.org/www-community/attacks/Denial_of_Service"
],
"aliases": [
"CVE-2026-1526",
"GHSA-vrm6-8vpv-qv8q"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"undici--CVE-2026-2581": {
"canonical_id": "undici--CVE-2026-2581",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"summary": "## Impact\nThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when `interceptors.deduplicate()` is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\n## Patches\n\nThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\n\n## Workarounds\nIf upgrading immediately is not possible:\n\n- Disable `interceptors.deduplicate()` for affected clients/routes.\n- Use `skipHeaderNames` with a marker header to force high-risk requests to bypass deduplication.\n- Avoid concurrent identical requests to untrusted endpoints that may return very large/chunked bodies.\n- Apply upstream/proxy response-size and timeout limits.",
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "medium",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:37:58Z",
"updated_at": "2026-03-13T20:54:25.417862Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
"https://hackerone.com/reports/3513473",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-2581",
"GHSA-phc3-fgpg-7m6h"
],
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"traefik--GHSA-gv8r-9rw9-9697": {
"canonical_id": "traefik--GHSA-gv8r-9rw9-9697",
"title": "Traefik affected by TLS ClientAuth Bypass on HTTP/3",
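Review bot: in all four removed undici records `secondary_source_urls` starts with `https://cna.openjsf.org/security-advisories.html`, whereas the re-added copies list the NVD URL first and the CNA page third. If consumers treat the first entry as the preferred reference, this changes behaviour. If the order carries no meaning, sort the list deterministically so it stops producing diff churn. The same severity rewrite as in the previous hunk applies here as well (`high`/`medium` removed, `low` re-added at an unchanged `cvss_score` of 3.1).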

View file

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-18T21:23:23+00:00",
"generated_at": "2026-03-19T02:23:04+00:00",
"title": "\u5f53\u524d\u67b6\u6784\u5e93",
"summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
"sections": [
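Review bot: the generation timestamp is stored twice, once as `generated_at` here and again as the `value` of a labelled field in the next hunk, and both change on every run. Derive the field from `generated_at` at render time, or keep the timestamp out of the committed artifact, so that regenerating without data changes produces no diff. The `\uXXXX` escaping of `title`, `summary` and the labels also makes these hunks unreadable in review. Emitting the file as UTF-8 would help.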
@@ -49,7 +49,7 @@
},
{
"label": "\u751f\u6210\u65f6\u95f4",
"value": "2026-03-18T21:23:23+00:00"
"value": "2026-03-19T02:23:04+00:00"
}
],
"links": [
@@ -600,7 +600,7 @@
"badges": [
"\u5386\u53f2\u5168\u91cf",
"\u5b98\u65b9\u6e90 2",
"\u751f\u6001\u6e90 2",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -637,7 +637,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "Drupal Security Advisories Site\nGHSA Drupal Core"
"value": "OSV Drupal"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
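Review bot: this is the only system in the file where the ecosystem source list shrinks instead of growing. The value goes from `Drupal Security Advisories Site\nGHSA Drupal Core` to `OSV Drupal` and the badge in the preceding hunk drops from 2 to 1, while the other systems keep their existing sources and gain an OSV entry (PrestaShop and WooCommerce have OSV prepended to the existing list). Confirm that dropping both Drupal sources is intended and not a side effect of the OSV rollout overwriting the list.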
@@ -685,7 +685,7 @@
"badges": [
"\u5386\u53f2\u5168\u91cf",
"\u5b98\u65b9\u6e90 2",
"\u751f\u6001\u6e90 0",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -722,7 +722,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "-"
"value": "OSV Ghost"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -770,7 +770,7 @@
"badges": [
"\u5386\u53f2\u5168\u91cf",
"\u5b98\u65b9\u6e90 2",
"\u751f\u6001\u6e90 0",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -807,7 +807,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "-"
"value": "OSV Joomla"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -855,7 +855,7 @@
"badges": [
"\u8fd1\u4e24\u5e74\u5168\u91cf",
"\u5b98\u65b9\u6e90 3",
"\u751f\u6001\u6e90 0",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -892,7 +892,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "-"
"value": "OSV MediaWiki"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -940,7 +940,7 @@
"badges": [
"\u8fd1\u4e24\u5e74\u5168\u91cf",
"\u5b98\u65b9\u6e90 2",
"\u751f\u6001\u6e90 0",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -977,7 +977,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "-"
"value": "OSV Moodle"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -1143,7 +1143,7 @@
"fields": [
{
"label": "\u5b98\u65b9\u6765\u6e90",
"value": "WordPress Security News\nNVD WordPress"
"value": "WordPress Security News RSS\nNVD WordPress"
},
{
"label": "\u751f\u6001\u6765\u6e90",
@@ -4212,7 +4212,7 @@
"badges": [
"\u8fd1\u4e24\u5e74\u5168\u91cf",
"\u5b98\u65b9\u6e90 3",
"\u751f\u6001\u6e90 0",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -4249,7 +4249,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "-"
"value": "OSV Mattermost"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -4297,7 +4297,7 @@
"badges": [
"\u8fd1\u4e24\u5e74\u5168\u91cf",
"\u5b98\u65b9\u6e90 2",
"\u751f\u6001\u6e90 0",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -4334,7 +4334,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "-"
"value": "OSV Redmine"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -4382,7 +4382,7 @@
"badges": [
"\u8fd1\u4e24\u5e74\u5168\u91cf",
"\u5b98\u65b9\u6e90 2",
"\u751f\u6001\u6e90 0",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -4419,7 +4419,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "-"
"value": "OSV phpMyAdmin"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -5274,7 +5274,7 @@
"badges": [
"\u5386\u53f2\u5168\u91cf",
"\u5b98\u65b9\u6e90 2",
"\u751f\u6001\u6e90 0",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -5311,7 +5311,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "-"
"value": "OSV OpenCart"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -5359,7 +5359,7 @@
"badges": [
"\u8fd1\u4e24\u5e74\u5168\u91cf",
"\u5b98\u65b9\u6e90 2",
"\u751f\u6001\u6e90 0",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -5396,7 +5396,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "-"
"value": "OSV OpenMage"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -5444,7 +5444,7 @@
"badges": [
"\u5386\u53f2\u5168\u91cf",
"\u5b98\u65b9\u6e90 3",
"\u751f\u6001\u6e90 1",
"\u751f\u6001\u6e90 2",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -5481,7 +5481,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "Friends Of Presta Security"
"value": "OSV PrestaShop\nFriends Of Presta Security"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -5529,7 +5529,7 @@
"badges": [
"\u8fd1\u4e24\u5e74\u5168\u91cf",
"\u5b98\u65b9\u6e90 2",
"\u751f\u6001\u6e90 0",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -5566,7 +5566,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "-"
"value": "OSV Saleor"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -5614,7 +5614,7 @@
"badges": [
"\u5386\u53f2\u5168\u91cf",
"\u5b98\u65b9\u6e90 2",
"\u751f\u6001\u6e90 0",
"\u751f\u6001\u6e90 1",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -5651,7 +5651,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "-"
"value": "OSV Shopware"
},
{
"label": "\u7814\u7a76\u6765\u6e90",
@@ -5699,7 +5699,7 @@
"badges": [
"\u5386\u53f2\u5168\u91cf",
"\u5b98\u65b9\u6e90 3",
"\u751f\u6001\u6e90 2",
"\u751f\u6001\u6e90 3",
"\u7814\u7a76\u6e90 0"
],
"fields": [
@@ -5736,7 +5736,7 @@
},
{
"label": "\u751f\u6001\u6765\u6e90",
"value": "Patchstack Database\nWordfence Vulnerability Database"
"value": "OSV WooCommerce\nPatchstack Database\nWordfence Vulnerability Database"
},
{
"label": "\u7814\u7a76\u6765\u6e90",

View file

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-18T21:23:23+00:00",
"generated_at": "2026-03-19T02:23:04+00:00",
"advisory_total": 89,
"registry_advisory_total": 2392,
"scope": "latest-run-backed-advisories",
@@ -168,35 +168,43 @@
}
],
"ingest_health": {
"failure_count": 0,
"failures": []
"failure_count": 4,
"failures": [
"django::OSV Django::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))",
"flask::OSV Flask::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))",
"spring-security::OSV Spring Security::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))",
"symfony::OSV Symfony::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))"
]
},
"source_health": {
"active_source_count": 125,
"green_source_count": 125,
"active_source_count": 118,
"green_source_count": 118,
"failure_count": 0,
"last_fully_green_run": "2026-03-18T21:09:25+00:00",
"last_fully_green_run": "2026-03-19T02:22:24+00:00",
"open_alert_count": 0,
"resolved_alert_count": 0
},
"monitor_summary": {
"generated_at": "2026-03-18T21:09:25+00:00",
"active_source_count": 125,
"green_source_count": 125,
"generated_at": "2026-03-19T02:22:24+00:00",
"active_source_count": 118,
"green_source_count": 118,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 0,
"last_fully_green_run": "2026-03-18T21:09:25+00:00",
"last_fully_green_run": "2026-03-19T02:22:24+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 161,
"retired_source_count": 36
"source_count": 173,
"retired_source_count": 55
},
"ingest": {
"new_count": 0,
"updated_count": 0,
"failure_count": 0,
"systems_touched": []
"updated_count": 7,
"failure_count": 4,
"systems_touched": [
"nextjs",
"undici"
]
},
"validation": {
"passed": true,

View file

@@ -1,21 +1,24 @@
{
"generated_at": "2026-03-18T21:09:25+00:00",
"active_source_count": 125,
"green_source_count": 125,
"generated_at": "2026-03-19T02:22:24+00:00",
"active_source_count": 118,
"green_source_count": 118,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 0,
"last_fully_green_run": "2026-03-18T21:09:25+00:00",
"last_fully_green_run": "2026-03-19T02:22:24+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 161,
"retired_source_count": 36
"source_count": 173,
"retired_source_count": 55
},
"ingest": {
"new_count": 0,
"updated_count": 0,
"failure_count": 0,
"systems_touched": []
"updated_count": 7,
"failure_count": 4,
"systems_touched": [
"nextjs",
"undici"
]
},
"validation": {
"passed": true,

View file

@@ -1,10 +1,10 @@
{
"generated_at": "2026-03-18T21:16:34+00:00",
"generated_at": "2026-03-19T02:22:09+00:00",
"system_count": 62,
"source_count": 161,
"active_source_count": 125,
"retired_source_count": 36,
"systems_with_active_official": 62,
"source_count": 173,
"active_source_count": 118,
"retired_source_count": 55,
"systems_with_active_official": 61,
"systems_with_machine_readable_source": 62,
"systems": [
{
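Review bot: `systems_with_active_official` drops from 62 to 61 while `system_count` stays 62, so one system leaves this commit with no active official source and nothing in this header says which one. The totals still add up (118 active + 55 retired = 173), so a purely arithmetic check passes; consider failing validation, or at least listing the affected `system_id` next to the counter, whenever this value falls below `system_count`.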
@@ -177,11 +177,11 @@
"display_name": "Drupal",
"category": "cms",
"tier": "history-full",
"source_total": 4,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 2,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 2,
"has_active_official": true,
@@ -208,12 +208,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
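Review bot: this entry ends with `active_source_total` 1 and `machine_readable_active` 1, and the same 2-to-1 change repeats in the other `frameworks` hunks of this file. With one active source per system there is no second feed to cross-check against or fall back on, and this same commit records `api.osv.dev` TLS failures in `ingest_health.failures`. If the retired NVD searches are not coming back, record the accepted single-source risk in the entry or keep a low-frequency secondary source.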
@@ -223,12 +223,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
@@ -267,11 +267,11 @@
"display_name": "Ghost",
"category": "cms",
"tier": "history-full",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -387,11 +387,11 @@
"display_name": "Joomla",
"category": "cms",
"tier": "history-full",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -462,11 +462,11 @@
"display_name": "Mattermost",
"category": "platforms",
"tier": "rolling-24m",
"source_total": 3,
"source_total": 4,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 2,
"has_active_official": true,
@@ -477,11 +477,11 @@
"display_name": "MediaWiki",
"category": "cms",
"tier": "rolling-24m",
"source_total": 3,
"source_total": 4,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 2,
"has_active_official": true,
@@ -507,14 +507,14 @@
"display_name": "Moodle",
"category": "cms",
"tier": "rolling-24m",
"source_total": 2,
"source_total": 3,
"active_source_total": 1,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 0,
"retired_source_total": 2,
"official_active": 0,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
"has_active_official": false,
"has_machine_readable_source": true
},
{
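Review bot: `has_active_official` flips to `false` and `official_active` to 0 for Moodle here, but the `retired_reason` added for `NVD Moodle` later in this file says "official Moodle sources remain for cross-checking". The two statements cannot both hold; either keep an official Moodle source active or reword the reason so it does not promise a cross-check the catalogue no longer has.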
@@ -523,12 +523,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
@@ -597,11 +597,11 @@
"display_name": "OpenCart",
"category": "ecommerce",
"tier": "history-full",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -612,11 +612,11 @@
"display_name": "OpenMage / Mage-OS",
"category": "ecommerce",
"tier": "rolling-24m",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -627,11 +627,11 @@
"display_name": "phpMyAdmin",
"category": "platforms",
"tier": "rolling-24m",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -642,11 +642,11 @@
"display_name": "PrestaShop",
"category": "ecommerce",
"tier": "history-full",
"source_total": 4,
"source_total": 5,
"active_source_total": 4,
"retired_source_total": 0,
"official_active": 3,
"ecosystem_active": 1,
"retired_source_total": 1,
"official_active": 2,
"ecosystem_active": 2,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -658,12 +658,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
@@ -687,11 +687,11 @@
"display_name": "Redmine",
"category": "platforms",
"tier": "rolling-24m",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -702,11 +702,11 @@
"display_name": "Saleor",
"category": "ecommerce",
"tier": "rolling-24m",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -717,11 +717,11 @@
"display_name": "Shopware",
"category": "ecommerce",
"tier": "history-full",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -838,12 +838,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
@@ -883,12 +883,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
@@ -912,11 +912,11 @@
"display_name": "WooCommerce",
"category": "ecommerce",
"tier": "history-full",
"source_total": 5,
"source_total": 6,
"active_source_total": 5,
"retired_source_total": 0,
"official_active": 3,
"ecosystem_active": 2,
"retired_source_total": 1,
"official_active": 2,
"ecosystem_active": 3,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -928,9 +928,9 @@
"category": "cms",
"tier": "history-full",
"source_total": 6,
"active_source_total": 6,
"retired_source_total": 0,
"official_active": 2,
"active_source_total": 5,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 3,
"research_active": 1,
"machine_readable_active": 1,
@@ -1045,26 +1045,13 @@
{
"system_id": "drupal",
"display_name": "Drupal",
"source_name": "Drupal Security Advisories Site",
"bucket": "ecosystem_sources",
"kind": "html-links",
"retired_reason": "Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.",
"source_name": "NVD Drupal",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Drupal + Drupal official RSS now cover machine-readable collection with lower cold-start latency than NVD public search.",
"replacement_sources": [
"Drupal Security Advisories RSS",
"GHSA Drupal Core"
],
"url": "https://www.drupal.org/security"
},
{
"system_id": "drupal",
"display_name": "Drupal",
"source_name": "GHSA Drupal Core",
"bucket": "ecosystem_sources",
"kind": "ghsa-global",
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.",
"replacement_sources": [
"Drupal Security Advisories RSS",
"NVD Drupal"
"OSV Drupal"
],
"url": ""
},
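Review bot: the retired records for `Drupal Security Advisories Site` and `GHSA Drupal Core` are overwritten and deleted here instead of being kept alongside the new `NVD Drupal` record, which is why Drupal's `source_total` falls from 4 to 3. That removes the recorded reasons (unstable HTML scraping, unauthenticated GHSA rate limits) from the catalogue. If retired entries are meant to be an audit trail, append the `NVD Drupal` record and leave the two existing ones in place; if pruning is intended, say so in the commit message.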
@@ -1080,6 +1067,18 @@
],
"url": ""
},
{
"system_id": "esbuild",
"display_name": "esbuild",
"source_name": "NVD esbuild",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV esbuild replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV esbuild"
],
"url": ""
},
{
"system_id": "express",
"display_name": "Express",
@@ -1092,6 +1091,18 @@
],
"url": ""
},
{
"system_id": "express",
"display_name": "Express",
"source_name": "NVD Express.js",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV Express replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV Express"
],
"url": ""
},
{
"system_id": "fastify",
"display_name": "Fastify",
@@ -1116,6 +1127,19 @@
],
"url": ""
},
{
"system_id": "ghost",
"display_name": "Ghost",
"source_name": "NVD Ghost",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.",
"replacement_sources": [
"Ghost GitHub Advisories",
"OSV Ghost"
],
"url": ""
},
{
"system_id": "hapi",
"display_name": "Hapi",
@@ -1140,6 +1164,19 @@
],
"url": "https://www.haproxy.org/security/"
},
{
"system_id": "joomla",
"display_name": "Joomla",
"source_name": "NVD Joomla",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.",
"replacement_sources": [
"Joomla Security Centre",
"OSV Joomla"
],
"url": ""
},
{
"system_id": "koa",
"display_name": "Koa",
@@ -1176,6 +1213,19 @@
],
"url": "https://mattermost.com/security-updates/"
},
{
"system_id": "mattermost",
"display_name": "Mattermost",
"source_name": "NVD Mattermost",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.",
"replacement_sources": [
"Mattermost Security Updates JSON",
"OSV Mattermost"
],
"url": ""
},
{
"system_id": "mediawiki",
"display_name": "MediaWiki",
@@ -1189,6 +1239,19 @@
],
"url": "https://www.mediawiki.org/wiki/Security"
},
{
"system_id": "mediawiki",
"display_name": "MediaWiki",
"source_name": "NVD MediaWiki",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.",
"replacement_sources": [
"MediaWiki Announce RSS",
"OSV MediaWiki"
],
"url": ""
},
{
"system_id": "moodle",
"display_name": "Moodle",
@@ -1201,6 +1264,18 @@
],
"url": "https://moodle.org/security/"
},
{
"system_id": "moodle",
"display_name": "Moodle",
"source_name": "NVD Moodle",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.",
"replacement_sources": [
"OSV Moodle"
],
"url": ""
},
{
"system_id": "nestjs",
"display_name": "NestJS",
@@ -1213,6 +1288,18 @@
],
"url": ""
},
{
"system_id": "nestjs",
"display_name": "NestJS",
"source_name": "NVD NestJS",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV NestJS replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV NestJS"
],
"url": ""
},
{
"system_id": "nextjs",
"display_name": "Next.js",
@@ -1239,6 +1326,59 @@
],
"url": ""
},
{
"system_id": "opencart",
"display_name": "OpenCart",
"source_name": "NVD OpenCart",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.",
"replacement_sources": [
"OpenCart Releases",
"OSV OpenCart"
],
"url": ""
},
{
"system_id": "openmage",
"display_name": "OpenMage / Mage-OS",
"source_name": "NVD OpenMage",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV OpenMage replaces NVD for machine-readable composer-aligned collection.",
"replacement_sources": [
"OpenMage GitHub Advisories",
"OSV OpenMage"
],
"url": ""
},
{
"system_id": "phpmyadmin",
"display_name": "phpMyAdmin",
"source_name": "NVD phpMyAdmin",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.",
"replacement_sources": [
"phpMyAdmin Security Page",
"OSV phpMyAdmin"
],
"url": ""
},
{
"system_id": "prestashop",
"display_name": "PrestaShop",
"source_name": "NVD PrestaShop",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV PrestaShop replaces NVD for machine-readable collection while official and ecosystem advisories remain active.",
"replacement_sources": [
"PrestaShop Security Page",
"GitHub PrestaShop Advisories",
"OSV PrestaShop"
],
"url": ""
},
{
"system_id": "rails",
"display_name": "Ruby on Rails",
@@ -1251,6 +1391,18 @@
],
"url": ""
},
{
"system_id": "rails",
"display_name": "Ruby on Rails",
"source_name": "NVD Ruby on Rails",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV Rails replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV Rails"
],
"url": ""
},
{
"system_id": "react",
"display_name": "React",
@@ -1264,6 +1416,44 @@
],
"url": ""
},
{
"system_id": "redmine",
"display_name": "Redmine",
"source_name": "NVD Redmine",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.",
"replacement_sources": [
"Redmine Security Advisories"
],
"url": ""
},
{
"system_id": "saleor",
"display_name": "Saleor",
"source_name": "NVD Saleor",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.",
"replacement_sources": [
"GitHub Saleor Advisories",
"OSV Saleor"
],
"url": ""
},
{
"system_id": "shopware",
"display_name": "Shopware",
"source_name": "NVD Shopware",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.",
"replacement_sources": [
"Shopware Security Advisories",
"OSV Shopware"
],
"url": ""
},
{
"system_id": "spring-boot",
"display_name": "Spring Boot",
@@ -1339,6 +1529,18 @@
],
"url": ""
},
{
"system_id": "undici",
"display_name": "Undici",
"source_name": "NVD Undici",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV Undici replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV Undici"
],
"url": ""
},
{
"system_id": "vite",
"display_name": "Vite",
@@ -1377,6 +1579,18 @@
],
"url": ""
},
{
"system_id": "webpack",
"display_name": "webpack",
"source_name": "NVD webpack",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV webpack replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV webpack"
],
"url": ""
},
{
"system_id": "werkzeug",
"display_name": "Werkzeug",
@@ -1388,6 +1602,34 @@
"OSV Werkzeug"
],
"url": ""
},
{
"system_id": "woocommerce",
"display_name": "WooCommerce",
"source_name": "NVD WooCommerce",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV WooCommerce replaces NVD for machine-readable collection while official and ecosystem advisory pages remain active.",
"replacement_sources": [
"Woo Developer Advisories",
"GitHub WooCommerce Advisories",
"OSV WooCommerce"
],
"url": ""
},
{
"system_id": "wordpress",
"display_name": "WordPress",
"source_name": "NVD WordPress",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "WordPress official RSS plus ecosystem plugin intelligence cover active collection with lower cold-start latency and lower public-search dependence than NVD.",
"replacement_sources": [
"WordPress Security News RSS",
"Wordfence Vulnerability Database",
"WPScan Vulnerability Database"
],
"url": ""
}
],
"replacement_map": [
@@ -1456,18 +1698,10 @@
},
{
"system_id": "drupal",
"retired_source": "Drupal Security Advisories Site",
"retired_source": "NVD Drupal",
"replacement_sources": [
"Drupal Security Advisories RSS",
"GHSA Drupal Core"
]
},
{
"system_id": "drupal",
"retired_source": "GHSA Drupal Core",
"replacement_sources": [
"Drupal Security Advisories RSS",
"NVD Drupal"
"OSV Drupal"
]
},
{
@@ -1477,6 +1711,13 @@
"OSV esbuild"
]
},
{
"system_id": "esbuild",
"retired_source": "NVD esbuild",
"replacement_sources": [
"OSV esbuild"
]
},
{
"system_id": "express",
"retired_source": "GitHub Global Advisories",
@@ -1484,6 +1725,13 @@
"OSV Express"
]
},
{
"system_id": "express",
"retired_source": "NVD Express.js",
"replacement_sources": [
"OSV Express"
]
},
{
"system_id": "fastify",
"retired_source": "GitHub Global Advisories",
@@ -1498,6 +1746,14 @@
"OSV Flask"
]
},
{
"system_id": "ghost",
"retired_source": "NVD Ghost",
"replacement_sources": [
"Ghost GitHub Advisories",
"OSV Ghost"
]
},
{
"system_id": "hapi",
"retired_source": "GitHub Global Advisories",
@@ -1512,6 +1768,14 @@
"HAProxy Blog Feed"
]
},
{
"system_id": "joomla",
"retired_source": "NVD Joomla",
"replacement_sources": [
"Joomla Security Centre",
"OSV Joomla"
]
},
{
"system_id": "koa",
"retired_source": "GitHub Global Advisories",
@@ -1533,6 +1797,14 @@
"NVD Mattermost"
]
},
{
"system_id": "mattermost",
"retired_source": "NVD Mattermost",
"replacement_sources": [
"Mattermost Security Updates JSON",
"OSV Mattermost"
]
},
{
"system_id": "mediawiki",
"retired_source": "MediaWiki Security Releases",
@@ -1541,6 +1813,14 @@
"NVD MediaWiki"
]
},
{
"system_id": "mediawiki",
"retired_source": "NVD MediaWiki",
"replacement_sources": [
"MediaWiki Announce RSS",
"OSV MediaWiki"
]
},
{
"system_id": "moodle",
"retired_source": "Moodle Security News",
@@ -1548,6 +1828,13 @@
"NVD Moodle"
]
},
{
"system_id": "moodle",
"retired_source": "NVD Moodle",
"replacement_sources": [
"OSV Moodle"
]
},
{
"system_id": "nestjs",
"retired_source": "GitHub Global Advisories",
@@ -1555,6 +1842,13 @@
"OSV NestJS"
]
},
{
"system_id": "nestjs",
"retired_source": "NVD NestJS",
"replacement_sources": [
"OSV NestJS"
]
},
{
"system_id": "nextjs",
"retired_source": "GitHub Global Advisories",
@@ -1571,6 +1865,39 @@
"OSV Nuxt"
]
},
{
"system_id": "opencart",
"retired_source": "NVD OpenCart",
"replacement_sources": [
"OpenCart Releases",
"OSV OpenCart"
]
},
{
"system_id": "openmage",
"retired_source": "NVD OpenMage",
"replacement_sources": [
"OpenMage GitHub Advisories",
"OSV OpenMage"
]
},
{
"system_id": "phpmyadmin",
"retired_source": "NVD phpMyAdmin",
"replacement_sources": [
"phpMyAdmin Security Page",
"OSV phpMyAdmin"
]
},
{
"system_id": "prestashop",
"retired_source": "NVD PrestaShop",
"replacement_sources": [
"PrestaShop Security Page",
"GitHub PrestaShop Advisories",
"OSV PrestaShop"
]
},
{
"system_id": "rails",
"retired_source": "GitHub Global Advisories",
@@ -1578,6 +1905,13 @@
"OSV Rails"
]
},
{
"system_id": "rails",
"retired_source": "NVD Ruby on Rails",
"replacement_sources": [
"OSV Rails"
]
},
{
"system_id": "react",
"retired_source": "GitHub Global Advisories",
@@ -1586,6 +1920,29 @@
"OSV React"
]
},
{
"system_id": "redmine",
"retired_source": "NVD Redmine",
"replacement_sources": [
"Redmine Security Advisories"
]
},
{
"system_id": "saleor",
"retired_source": "NVD Saleor",
"replacement_sources": [
"GitHub Saleor Advisories",
"OSV Saleor"
]
},
{
"system_id": "shopware",
"retired_source": "NVD Shopware",
"replacement_sources": [
"Shopware Security Advisories",
"OSV Shopware"
]
},
{
"system_id": "spring-boot",
"retired_source": "GitHub Global Advisories",
@@ -1631,6 +1988,13 @@
"OSV Undici"
]
},
{
"system_id": "undici",
"retired_source": "NVD Undici",
"replacement_sources": [
"OSV Undici"
]
},
{
"system_id": "vite",
"retired_source": "GitHub Global Advisories",
@@ -1654,12 +2018,37 @@
"OSV webpack"
]
},
{
"system_id": "webpack",
"retired_source": "NVD webpack",
"replacement_sources": [
"OSV webpack"
]
},
{
"system_id": "werkzeug",
"retired_source": "GitHub Global Advisories",
"replacement_sources": [
"OSV Werkzeug"
]
},
{
"system_id": "woocommerce",
"retired_source": "NVD WooCommerce",
"replacement_sources": [
"Woo Developer Advisories",
"GitHub WooCommerce Advisories",
"OSV WooCommerce"
]
},
{
"system_id": "wordpress",
"retired_source": "NVD WordPress",
"replacement_sources": [
"WordPress Security News RSS",
"Wordfence Vulnerability Database",
"WPScan Vulnerability Database"
]
}
]
}

View file

@@ -87,7 +87,7 @@
<h1>当前架构库镜像</h1>
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
<pre>{
&quot;generated_at&quot;: &quot;2026-03-18T21:23:23+00:00&quot;,
&quot;generated_at&quot;: &quot;2026-03-19T02:23:04+00:00&quot;,
&quot;title&quot;: &quot;当前架构库&quot;,
&quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;,
&quot;sections&quot;: [
@@ -137,7 +137,7 @@
},
{
&quot;label&quot;: &quot;生成时间&quot;,
&quot;value&quot;: &quot;2026-03-18T21:23:23+00:00&quot;
&quot;value&quot;: &quot;2026-03-19T02:23:04+00:00&quot;
}
],
&quot;links&quot;: [
@@ -688,7 +688,7 @@
&quot;badges&quot;: [
&quot;历史全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 2&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -725,7 +725,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;Drupal Security Advisories Site\nGHSA Drupal Core&quot;
&quot;value&quot;: &quot;OSV Drupal&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -773,7 +773,7 @@
&quot;badges&quot;: [
&quot;历史全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 0&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
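Review bot: the `官方源 2` badge is left unchanged in this hunk while only the ecosystem badge moves from 0 to 1; the next hunk identifies the card as Ghost, whose `official_active` the source catalogue lowers from 2 to 1 by retiring `NVD Ghost`. Unless this badge intentionally counts retired sources, it should read 1 after this commit.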
@@ -810,7 +810,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;-&quot;
&quot;value&quot;: &quot;OSV Ghost&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -858,7 +858,7 @@
&quot;badges&quot;: [
&quot;历史全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 0&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -895,7 +895,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;-&quot;
&quot;value&quot;: &quot;OSV Joomla&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -943,7 +943,7 @@
&quot;badges&quot;: [
&quot;近两年全量&quot;,
&quot;官方源 3&quot;,
&quot;生态源 0&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -980,7 +980,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;-&quot;
&quot;value&quot;: &quot;OSV MediaWiki&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -1028,7 +1028,7 @@
&quot;badges&quot;: [
&quot;近两年全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 0&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -1065,7 +1065,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;-&quot;
&quot;value&quot;: &quot;OSV Moodle&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -1231,7 +1231,7 @@
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;官方来源&quot;,
&quot;value&quot;: &quot;WordPress Security News\nNVD WordPress&quot;
&quot;value&quot;: &quot;WordPress Security News RSS\nNVD WordPress&quot;
},
{
&quot;label&quot;: &quot;生态来源&quot;,
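Review bot: the new official-sources value still contains `NVD WordPress` (only `WordPress Security News` was renamed to `WordPress Security News RSS`), while the source catalogue in this same commit retires `NVD WordPress` and lowers WordPress `official_active` from 2 to 1. The mirror page will present a retired source as active; regenerate this card from the catalogue's active list, or drop the `NVD WordPress` line here.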
@@ -4300,7 +4300,7 @@
&quot;badges&quot;: [
&quot;近两年全量&quot;,
&quot;官方源 3&quot;,
&quot;生态源 0&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -4337,7 +4337,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;-&quot;
&quot;value&quot;: &quot;OSV Mattermost&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -4385,7 +4385,7 @@
&quot;badges&quot;: [
&quot;近两年全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 0&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -4422,7 +4422,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;-&quot;
&quot;value&quot;: &quot;OSV Redmine&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
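Review bot: this card now lists `OSV Redmine` as the ecosystem source, but the `NVD Redmine` retirement record added in the source catalogue names only `Redmine Security Advisories` in `replacement_sources`, and its `retired_reason` does not mention OSV. Add `OSV Redmine` to the replacement list and the reason, or confirm that the OSV source is not meant to replace NVD for Redmine.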
@@ -4470,7 +4470,7 @@
&quot;badges&quot;: [
&quot;近两年全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 0&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -4507,7 +4507,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;-&quot;
&quot;value&quot;: &quot;OSV phpMyAdmin&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -5362,7 +5362,7 @@
&quot;badges&quot;: [
&quot;历史全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 0&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -5399,7 +5399,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;-&quot;
&quot;value&quot;: &quot;OSV OpenCart&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -5447,7 +5447,7 @@
&quot;badges&quot;: [
&quot;近两年全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 0&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -5484,7 +5484,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;-&quot;
&quot;value&quot;: &quot;OSV OpenMage&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -5532,7 +5532,7 @@
&quot;badges&quot;: [
&quot;历史全量&quot;,
&quot;官方源 3&quot;,
&quot;生态源 1&quot;,
&quot;生态源 2&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -5569,7 +5569,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;Friends Of Presta Security&quot;
&quot;value&quot;: &quot;OSV PrestaShop\nFriends Of Presta Security&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -5617,7 +5617,7 @@
&quot;badges&quot;: [
&quot;近两年全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 0&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -5654,7 +5654,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;-&quot;
&quot;value&quot;: &quot;OSV Saleor&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -5702,7 +5702,7 @@
&quot;badges&quot;: [
&quot;历史全量&quot;,
&quot;官方源 2&quot;,
&quot;生态源 0&quot;,
&quot;生态源 1&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -5739,7 +5739,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;-&quot;
&quot;value&quot;: &quot;OSV Shopware&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,
@@ -5787,7 +5787,7 @@
&quot;badges&quot;: [
&quot;历史全量&quot;,
&quot;官方源 3&quot;,
&quot;生态源 2&quot;,
&quot;生态源 3&quot;,
&quot;研究源 0&quot;
],
&quot;fields&quot;: [
@@ -5824,7 +5824,7 @@
},
{
&quot;label&quot;: &quot;生态来源&quot;,
&quot;value&quot;: &quot;Patchstack Database\nWordfence Vulnerability Database&quot;
&quot;value&quot;: &quot;OSV WooCommerce\nPatchstack Database\nWordfence Vulnerability Database&quot;
},
{
&quot;label&quot;: &quot;研究来源&quot;,

View file

@@ -125,7 +125,7 @@
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-17T16:31:34.160932Z` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-18T22:02:16.858114Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` |
@@ -145,7 +145,7 @@
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `3` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T06:27:26.115188Z` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `9` | `9` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:16:14.858636Z` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `43` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `2026-03-18T13:59:10.423590Z` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `16` | `15` | `2` | `seeded` | `real:7/synthetic:0/blocked:0` | `0` | `7` | `1` | `2026-03-14T09:19:54.772219Z` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `16` | `15` | `2` | `seeded` | `real:7/synthetic:0/blocked:0` | `0` | `7` | `1` | `2026-03-18T23:58:57.714731Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `42` | `16` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `26` | `2026-02-04T04:37:24.129476Z` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `15` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `14` | `2024-10-24T19:12:14.925352Z` |
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-02-27T17:21:22.370` |

View file

@@ -193,26 +193,13 @@
{
&quot;system_id&quot;: &quot;drupal&quot;,
&quot;display_name&quot;: &quot;Drupal&quot;,
&quot;source_name&quot;: &quot;Drupal Security Advisories Site&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;html-links&quot;,
&quot;retired_reason&quot;: &quot;Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.&quot;,
&quot;source_name&quot;: &quot;NVD Drupal&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV Drupal + Drupal official RSS now cover machine-readable collection with lower cold-start latency than NVD public search.&quot;,
&quot;replacement_sources&quot;: [
&quot;Drupal Security Advisories RSS&quot;,
&quot;GHSA Drupal Core&quot;
],
&quot;url&quot;: &quot;https://www.drupal.org/security&quot;
},
{
&quot;system_id&quot;: &quot;drupal&quot;,
&quot;display_name&quot;: &quot;Drupal&quot;,
&quot;source_name&quot;: &quot;GHSA Drupal Core&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;ghsa-global&quot;,
&quot;retired_reason&quot;: &quot;Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.&quot;,
&quot;replacement_sources&quot;: [
&quot;Drupal Security Advisories RSS&quot;,
&quot;NVD Drupal&quot;
&quot;OSV Drupal&quot;
],
&quot;url&quot;: &quot;&quot;
},
@@ -228,6 +215,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;esbuild&quot;,
&quot;display_name&quot;: &quot;esbuild&quot;,
&quot;source_name&quot;: &quot;NVD esbuild&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV esbuild replaces NVD public search for lower-latency machine-readable collection.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV esbuild&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;express&quot;,
&quot;display_name&quot;: &quot;Express&quot;,
@@ -240,6 +239,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;express&quot;,
&quot;display_name&quot;: &quot;Express&quot;,
&quot;source_name&quot;: &quot;NVD Express.js&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV Express replaces NVD public search for lower-latency machine-readable collection.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Express&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;fastify&quot;,
&quot;display_name&quot;: &quot;Fastify&quot;,
@@ -264,6 +275,19 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;ghost&quot;,
&quot;display_name&quot;: &quot;Ghost&quot;,
&quot;source_name&quot;: &quot;NVD Ghost&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.&quot;,
&quot;replacement_sources&quot;: [
&quot;Ghost GitHub Advisories&quot;,
&quot;OSV Ghost&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;hapi&quot;,
&quot;display_name&quot;: &quot;Hapi&quot;,
@@ -288,6 +312,19 @@
],
&quot;url&quot;: &quot;https://www.haproxy.org/security/&quot;
},
{
&quot;system_id&quot;: &quot;joomla&quot;,
&quot;display_name&quot;: &quot;Joomla&quot;,
&quot;source_name&quot;: &quot;NVD Joomla&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.&quot;,
&quot;replacement_sources&quot;: [
&quot;Joomla Security Centre&quot;,
&quot;OSV Joomla&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;koa&quot;,
&quot;display_name&quot;: &quot;Koa&quot;,
@@ -324,6 +361,19 @@
],
&quot;url&quot;: &quot;https://mattermost.com/security-updates/&quot;
},
{
&quot;system_id&quot;: &quot;mattermost&quot;,
&quot;display_name&quot;: &quot;Mattermost&quot;,
&quot;source_name&quot;: &quot;NVD Mattermost&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.&quot;,
&quot;replacement_sources&quot;: [
&quot;Mattermost Security Updates JSON&quot;,
&quot;OSV Mattermost&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;mediawiki&quot;,
&quot;display_name&quot;: &quot;MediaWiki&quot;,
@@ -337,6 +387,19 @@
],
&quot;url&quot;: &quot;https://www.mediawiki.org/wiki/Security&quot;
},
{
&quot;system_id&quot;: &quot;mediawiki&quot;,
&quot;display_name&quot;: &quot;MediaWiki&quot;,
&quot;source_name&quot;: &quot;NVD MediaWiki&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.&quot;,
&quot;replacement_sources&quot;: [
&quot;MediaWiki Announce RSS&quot;,
&quot;OSV MediaWiki&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;moodle&quot;,
&quot;display_name&quot;: &quot;Moodle&quot;,
@@ -349,6 +412,18 @@
],
&quot;url&quot;: &quot;https://moodle.org/security/&quot;
},
{
&quot;system_id&quot;: &quot;moodle&quot;,
&quot;display_name&quot;: &quot;Moodle&quot;,
&quot;source_name&quot;: &quot;NVD Moodle&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Moodle&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;nestjs&quot;,
&quot;display_name&quot;: &quot;NestJS&quot;,
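Review bot: In the added `NVD Moodle` entry, `retired_reason` says official Moodle sources remain for cross-checking, but `replacement_sources` lists only `OSV Moodle`, and the entry directly above it in this retired list is the one with `url` `https://moodle.org/security/`. Either name the official source that is still active in `replacement_sources`, as the Ghost, Joomla and OpenCart entries do, or reword the reason so it does not claim official coverage that the replacement map does not show.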
@@ -361,6 +436,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;nestjs&quot;,
&quot;display_name&quot;: &quot;NestJS&quot;,
&quot;source_name&quot;: &quot;NVD NestJS&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV NestJS replaces NVD public search for lower-latency machine-readable collection.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV NestJS&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;nextjs&quot;,
&quot;display_name&quot;: &quot;Next.js&quot;,
@@ -387,6 +474,59 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;opencart&quot;,
&quot;display_name&quot;: &quot;OpenCart&quot;,
&quot;source_name&quot;: &quot;NVD OpenCart&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.&quot;,
&quot;replacement_sources&quot;: [
&quot;OpenCart Releases&quot;,
&quot;OSV OpenCart&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;openmage&quot;,
&quot;display_name&quot;: &quot;OpenMage / Mage-OS&quot;,
&quot;source_name&quot;: &quot;NVD OpenMage&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV OpenMage replaces NVD for machine-readable composer-aligned collection.&quot;,
&quot;replacement_sources&quot;: [
&quot;OpenMage GitHub Advisories&quot;,
&quot;OSV OpenMage&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;phpmyadmin&quot;,
&quot;display_name&quot;: &quot;phpMyAdmin&quot;,
&quot;source_name&quot;: &quot;NVD phpMyAdmin&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.&quot;,
&quot;replacement_sources&quot;: [
&quot;phpMyAdmin Security Page&quot;,
&quot;OSV phpMyAdmin&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;prestashop&quot;,
&quot;display_name&quot;: &quot;PrestaShop&quot;,
&quot;source_name&quot;: &quot;NVD PrestaShop&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV PrestaShop replaces NVD for machine-readable collection while official and ecosystem advisories remain active.&quot;,
&quot;replacement_sources&quot;: [
&quot;PrestaShop Security Page&quot;,
&quot;GitHub PrestaShop Advisories&quot;,
&quot;OSV PrestaShop&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;rails&quot;,
&quot;display_name&quot;: &quot;Ruby on Rails&quot;,
@@ -399,6 +539,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;rails&quot;,
&quot;display_name&quot;: &quot;Ruby on Rails&quot;,
&quot;source_name&quot;: &quot;NVD Ruby on Rails&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV Rails replaces NVD public search for lower-latency machine-readable collection.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Rails&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;react&quot;,
&quot;display_name&quot;: &quot;React&quot;,
@@ -412,6 +564,44 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;redmine&quot;,
&quot;display_name&quot;: &quot;Redmine&quot;,
&quot;source_name&quot;: &quot;NVD Redmine&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.&quot;,
&quot;replacement_sources&quot;: [
&quot;Redmine Security Advisories&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;saleor&quot;,
&quot;display_name&quot;: &quot;Saleor&quot;,
&quot;source_name&quot;: &quot;NVD Saleor&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.&quot;,
&quot;replacement_sources&quot;: [
&quot;GitHub Saleor Advisories&quot;,
&quot;OSV Saleor&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;shopware&quot;,
&quot;display_name&quot;: &quot;Shopware&quot;,
&quot;source_name&quot;: &quot;NVD Shopware&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.&quot;,
&quot;replacement_sources&quot;: [
&quot;Shopware Security Advisories&quot;,
&quot;OSV Shopware&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;spring-boot&quot;,
&quot;display_name&quot;: &quot;Spring Boot&quot;,
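Review bot: The `NVD Redmine` entry is the only one in this hunk whose `replacement_sources` omits the new OSV source: it lists just `Redmine Security Advisories`, while the dashboard hunk in this commit adds `OSV Redmine` as the ecosystem source value. If OSV Redmine is meant to take over the machine-readable role, add it to `replacement_sources` and mention it in the reason; if it is not, state why, so the replacement map and the dashboard agree.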
@@ -487,6 +677,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;undici&quot;,
&quot;display_name&quot;: &quot;Undici&quot;,
&quot;source_name&quot;: &quot;NVD Undici&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV Undici replaces NVD public search for lower-latency machine-readable collection.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV Undici&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;vite&quot;,
&quot;display_name&quot;: &quot;Vite&quot;,
@@ -525,6 +727,18 @@
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;webpack&quot;,
&quot;display_name&quot;: &quot;webpack&quot;,
&quot;source_name&quot;: &quot;NVD webpack&quot;,
&quot;bucket&quot;: &quot;ecosystem_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV webpack replaces NVD public search for lower-latency machine-readable collection.&quot;,
&quot;replacement_sources&quot;: [
&quot;OSV webpack&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;werkzeug&quot;,
&quot;display_name&quot;: &quot;Werkzeug&quot;,
@@ -536,6 +750,34 @@
&quot;OSV Werkzeug&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;woocommerce&quot;,
&quot;display_name&quot;: &quot;WooCommerce&quot;,
&quot;source_name&quot;: &quot;NVD WooCommerce&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;OSV WooCommerce replaces NVD for machine-readable collection while official and ecosystem advisory pages remain active.&quot;,
&quot;replacement_sources&quot;: [
&quot;Woo Developer Advisories&quot;,
&quot;GitHub WooCommerce Advisories&quot;,
&quot;OSV WooCommerce&quot;
],
&quot;url&quot;: &quot;&quot;
},
{
&quot;system_id&quot;: &quot;wordpress&quot;,
&quot;display_name&quot;: &quot;WordPress&quot;,
&quot;source_name&quot;: &quot;NVD WordPress&quot;,
&quot;bucket&quot;: &quot;official_sources&quot;,
&quot;kind&quot;: &quot;nvd-search&quot;,
&quot;retired_reason&quot;: &quot;WordPress official RSS plus ecosystem plugin intelligence cover active collection with lower cold-start latency and lower public-search dependence than NVD.&quot;,
&quot;replacement_sources&quot;: [
&quot;WordPress Security News RSS&quot;,
&quot;Wordfence Vulnerability Database&quot;,
&quot;WPScan Vulnerability Database&quot;
],
&quot;url&quot;: &quot;&quot;
}
]</pre>
</div>

View file

@@ -88,12 +88,12 @@
<div class="meta">工作台内置镜像页active/retired source、replacement map 与覆盖摘要。</div>
<pre># Source Catalog Audit
- generated_at: `2026-03-18T21:16:34+00:00`
- generated_at: `2026-03-19T02:22:09+00:00`
- systems: `62`
- sources: `161`
- active_sources: `125`
- retired_sources: `36`
- systems_with_active_official: `62/62`
- sources: `173`
- active_sources: `118`
- retired_sources: `55`
- systems_with_active_official: `61/62`
- systems_with_machine_readable_source: `62/62`
## Retired Sources
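Review bot: `systems_with_active_official` drops from `62/62` to `61/62` in this hunk while `retired_sources` rises from `36` to `55`, so one system has lost its last active official source and nothing in the summary says which one. Name that system in the audit output and either keep one official source active for it or record the gap as accepted. The other counters are consistent (118 active + 55 retired = 173).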
@@ -106,34 +106,53 @@
- `discourse` `Discourse Meta Security` -&gt; replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
- `discourse` `GitHub Discourse Advisories` -&gt; replacements: `Discourse Release Notes RSS, Discourse Security RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
- `django` `Django Security RSS` -&gt; replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
- `drupal` `Drupal Security Advisories Site` -&gt; replacements: `Drupal Security Advisories RSS, GHSA Drupal Core` | reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
- `drupal` `GHSA Drupal Core` -&gt; replacements: `Drupal Security Advisories RSS, NVD Drupal` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
- `drupal` `NVD Drupal` -&gt; replacements: `Drupal Security Advisories RSS, OSV Drupal` | reason: OSV Drupal + Drupal official RSS now cover machine-readable collection with lower cold-start latency than NVD public search.
- `esbuild` `GitHub Global Advisories` -&gt; replacements: `OSV esbuild` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
- `esbuild` `NVD esbuild` -&gt; replacements: `OSV esbuild` | reason: OSV esbuild replaces NVD public search for lower-latency machine-readable collection.
- `express` `GitHub Global Advisories` -&gt; replacements: `OSV Express` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
- `express` `NVD Express.js` -&gt; replacements: `OSV Express` | reason: OSV Express replaces NVD public search for lower-latency machine-readable collection.
- `fastify` `GitHub Global Advisories` -&gt; replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
- `flask` `GitHub Global Advisories` -&gt; replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
- `ghost` `NVD Ghost` -&gt; replacements: `Ghost GitHub Advisories, OSV Ghost` | reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
- `hapi` `GitHub Global Advisories` -&gt; replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
- `haproxy` `HAProxy Security Advisories` -&gt; replacements: `HAProxy Blog Feed` | reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
- `joomla` `NVD Joomla` -&gt; replacements: `Joomla Security Centre, OSV Joomla` | reason: OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.
- `koa` `GitHub Global Advisories` -&gt; replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
- `laravel` `GitHub Global Advisories` -&gt; replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
- `mattermost` `Mattermost Security Updates` -&gt; replacements: `NVD Mattermost` | reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
- `mattermost` `NVD Mattermost` -&gt; replacements: `Mattermost Security Updates JSON, OSV Mattermost` | reason: Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.
- `mediawiki` `MediaWiki Security Releases` -&gt; replacements: `MediaWiki Announce RSS, NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
- `mediawiki` `NVD MediaWiki` -&gt; replacements: `MediaWiki Announce RSS, OSV MediaWiki` | reason: MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.
- `moodle` `Moodle Security News` -&gt; replacements: `NVD Moodle` | reason: Security page is reachable with a browser-style UA, but the current markup only exposes generic &quot;Discuss this topic&quot; anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.
- `moodle` `NVD Moodle` -&gt; replacements: `OSV Moodle` | reason: OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.
- `nestjs` `GitHub Global Advisories` -&gt; replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
- `nestjs` `NVD NestJS` -&gt; replacements: `OSV NestJS` | reason: OSV NestJS replaces NVD public search for lower-latency machine-readable collection.
- `nextjs` `GitHub Global Advisories` -&gt; replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
- `nuxt` `GitHub Global Advisories` -&gt; replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
- `opencart` `NVD OpenCart` -&gt; replacements: `OpenCart Releases, OSV OpenCart` | reason: OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.
- `openmage` `NVD OpenMage` -&gt; replacements: `OpenMage GitHub Advisories, OSV OpenMage` | reason: OSV OpenMage replaces NVD for machine-readable composer-aligned collection.
- `phpmyadmin` `NVD phpMyAdmin` -&gt; replacements: `phpMyAdmin Security Page, OSV phpMyAdmin` | reason: OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.
- `prestashop` `NVD PrestaShop` -&gt; replacements: `PrestaShop Security Page, GitHub PrestaShop Advisories, OSV PrestaShop` | reason: OSV PrestaShop replaces NVD for machine-readable collection while official and ecosystem advisories remain active.
- `rails` `GitHub Global Advisories` -&gt; replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
- `rails` `NVD Ruby on Rails` -&gt; replacements: `OSV Rails` | reason: OSV Rails replaces NVD public search for lower-latency machine-readable collection.
- `react` `GitHub Global Advisories` -&gt; replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
- `redmine` `NVD Redmine` -&gt; replacements: `Redmine Security Advisories` | reason: Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.
- `saleor` `NVD Saleor` -&gt; replacements: `GitHub Saleor Advisories, OSV Saleor` | reason: OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.
- `shopware` `NVD Shopware` -&gt; replacements: `Shopware Security Advisories, OSV Shopware` | reason: OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.
- `spring-boot` `GitHub Global Advisories` -&gt; replacements: `Spring Security Advisories, OSV Spring Boot` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
- `spring-framework` `GitHub Global Advisories` -&gt; replacements: `Spring Security Advisories, OSV Spring Framework` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring official page and OSV remain the active replacements.
- `spring-security` `GitHub Global Advisories` -&gt; replacements: `Spring Security Advisories, OSV Spring Security` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
- `sveltekit` `GitHub Global Advisories` -&gt; replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
- `symfony` `GitHub Global Advisories` -&gt; replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
- `undici` `GitHub Global Advisories` -&gt; replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
- `undici` `NVD Undici` -&gt; replacements: `OSV Undici` | reason: OSV Undici replaces NVD public search for lower-latency machine-readable collection.
- `vite` `GitHub Global Advisories` -&gt; replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
- `vue` `GitHub Global Advisories` -&gt; replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
- `webpack` `GitHub Global Advisories` -&gt; replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
- `webpack` `NVD webpack` -&gt; replacements: `OSV webpack` | reason: OSV webpack replaces NVD public search for lower-latency machine-readable collection.
- `werkzeug` `GitHub Global Advisories` -&gt; replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
- `woocommerce` `NVD WooCommerce` -&gt; replacements: `Woo Developer Advisories, GitHub WooCommerce Advisories, OSV WooCommerce` | reason: OSV WooCommerce replaces NVD for machine-readable collection while official and ecosystem advisory pages remain active.
- `wordpress` `NVD WordPress` -&gt; replacements: `WordPress Security News RSS, Wordfence Vulnerability Database, WPScan Vulnerability Database` | reason: WordPress official RSS plus ecosystem plugin intelligence cover active collection with lower cold-start latency and lower public-search dependence than NVD.
</pre>
</div>
</main>
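Review bot: Three unchanged entries in this list now point at sources that the added lines retire: `Mattermost Security Updates`, `MediaWiki Security Releases` and `Moodle Security News` still list `NVD Mattermost`, `NVD MediaWiki` and `NVD Moodle` as replacements, with reasons stating that the NVD replacement remains active. Update those `replacement_sources` and reasons to sources that are active after this commit, and consider an audit check that fails when a listed replacement is itself retired.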

View file

@@ -94,19 +94,24 @@ systems:
tier: history-full
advisory_modes: [core, plugin]
official_sources:
- name: WordPress Security News
kind: html-links
url: https://wordpress.org/news/category/security/
- name: WordPress Security News RSS
kind: rss-feed
url: https://wordpress.org/news/category/security/feed/
confidence: official
advisory_mode: core
keywords: [wordpress, security, release]
max_items: 40
request_policy:
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
- name: NVD WordPress
kind: nvd-search
keyword: WordPress
confidence: official
advisory_mode: core
results_per_page: 50
status: retired
retired_reason: WordPress official RSS plus ecosystem plugin intelligence cover active collection with lower cold-start latency and lower public-search dependence than NVD.
replacement_sources: [WordPress Security News RSS, Wordfence Vulnerability Database, WPScan Vulnerability Database]
ecosystem_sources:
- name: Wordfence Vulnerability Database
kind: html-links
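Review bot: Under `official_sources` in this `history-full` block, the only entry left without `status: retired` is `WordPress Security News RSS` (`kind: rss-feed`, `max_items: 40`), and unlike the other systems in this commit no OSV source is added when `NVD WordPress` is retired. A news feed normally carries only recent posts, so confirm how historical core advisories are backfilled, or keep a CVE-keyed source for `advisory_mode: core`, since the listed replacements `Wordfence Vulnerability Database` and `WPScan Vulnerability Database` are described in the reason as plugin intelligence.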
@@ -166,6 +171,9 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 50
status: retired
retired_reason: OSV Drupal + Drupal official RSS now cover machine-readable collection with lower cold-start latency than NVD public search.
replacement_sources: [Drupal Security Advisories RSS, OSV Drupal]
ecosystem_sources:
- name: Drupal Security Advisories Site
kind: html-links
@@ -186,8 +194,13 @@ systems:
retired_reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
replacement_sources: [Drupal Security Advisories RSS, NVD Drupal]
research_sources: []
ecosystem_sources:
- name: OSV Drupal
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
package_names:
- ecosystem: composer
- ecosystem: Packagist
name: drupal/core
cpe_keys: [&quot;drupal:drupal&quot;]
ghsa_keywords: [drupal, drupal core]
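Review bot: The added `ecosystem_sources:` key after `research_sources: []` appears to be a second `ecosystem_sources` key in the same Drupal block, since the previous hunk already shows `ecosystem_sources:` holding `Drupal Security Advisories Site`. Many YAML loaders keep only the last duplicate key, which would silently drop the earlier list and would explain the two Drupal entries disappearing from the retired-source list elsewhere in this commit. Append `OSV Drupal` to the existing list instead, and update the retained `replacement_sources: [Drupal Security Advisories RSS, NVD Drupal]` line, which now names a retired source.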
@@ -217,9 +230,18 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 50
ecosystem_sources: []
status: retired
retired_reason: OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.
replacement_sources: [Joomla Security Centre, OSV Joomla]
ecosystem_sources:
- name: OSV Joomla
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
research_sources: []
package_names: []
package_names:
- ecosystem: Packagist
name: joomla/joomla-cms
cpe_keys: [&quot;joomla:joomla!&quot;]
ghsa_keywords: [joomla]
kev_keywords: [joomla]
@@ -248,7 +270,14 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 40
ecosystem_sources: []
status: retired
retired_reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
replacement_sources: [Ghost GitHub Advisories, OSV Ghost]
ecosystem_sources:
- name: OSV Ghost
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
research_sources: []
package_names:
- ecosystem: npm
@@ -355,9 +384,18 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 40
ecosystem_sources: []
status: retired
retired_reason: MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.
replacement_sources: [MediaWiki Announce RSS, OSV MediaWiki]
ecosystem_sources:
- name: OSV MediaWiki
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
research_sources: []
package_names: []
package_names:
- ecosystem: Packagist
name: mediawiki/core
cpe_keys: [&quot;mediawiki:mediawiki&quot;]
ghsa_keywords: [mediawiki]
kev_keywords: [mediawiki]
@@ -394,9 +432,18 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 40
ecosystem_sources: []
status: retired
retired_reason: OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.
replacement_sources: [OSV Moodle]
ecosystem_sources:
- name: OSV Moodle
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
research_sources: []
package_names: []
package_names:
- ecosystem: Packagist
name: moodle/moodle
cpe_keys: [&quot;moodle:moodle&quot;]
ghsa_keywords: [moodle]
kev_keywords: [moodle]
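
Review bot: `retired_reason` says official Moodle sources remain for cross-checking, but `replacement_sources` lists only `OSV Moodle`. Either name the official source in `replacement_sources` or reword the reason, so the retirement record shows which active source backs up OSV for this system.
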
@@ -592,10 +639,17 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 40
ecosystem_sources: []
status: retired
retired_reason: OSV OpenMage replaces NVD for machine-readable composer-aligned collection.
replacement_sources: [OpenMage GitHub Advisories, OSV OpenMage]
ecosystem_sources:
- name: OSV OpenMage
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
research_sources: []
package_names:
- ecosystem: composer
- ecosystem: Packagist
name: openmage/magento-lts
cpe_keys: []
ghsa_keywords: [openmage, mage-os]
@@ -631,7 +685,14 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 40
status: retired
retired_reason: OSV WooCommerce replaces NVD for machine-readable collection while official and ecosystem advisory pages remain active.
replacement_sources: [Woo Developer Advisories, GitHub WooCommerce Advisories, OSV WooCommerce]
ecosystem_sources:
- name: OSV WooCommerce
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
- name: Patchstack Database
kind: html-links
url: https://patchstack.com/database/
@@ -650,7 +711,7 @@ systems:
package_names:
- ecosystem: npm
name: &quot;@woocommerce/blocks&quot;
- ecosystem: composer
- ecosystem: Packagist
name: woocommerce/woocommerce
cpe_keys: []
ghsa_keywords: [woocommerce]
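
Review bot: The `composer` to `Packagist` change under `package_names` is the correct value for OSV, whose ecosystem names are fixed, case-sensitive strings, but nothing visible here stops the old spelling from coming back. Consider validating `ecosystem` against the allowed OSV names when the catalogue is loaded, so a value such as `composer` or `pypi` fails the load instead of reaching the `osv-batch` adapter.
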
@@ -687,7 +748,14 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 40
status: retired
retired_reason: OSV PrestaShop replaces NVD for machine-readable collection while official and ecosystem advisories remain active.
replacement_sources: [PrestaShop Security Page, GitHub PrestaShop Advisories, OSV PrestaShop]
ecosystem_sources:
- name: OSV PrestaShop
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
- name: Friends Of Presta Security
kind: html-links
url: https://security.friendsofpresta.org/
@@ -697,7 +765,7 @@ systems:
max_items: 50
research_sources: []
package_names:
- ecosystem: composer
- ecosystem: Packagist
name: prestashop/prestashop
cpe_keys: [&quot;prestashop:prestashop&quot;]
ghsa_keywords: [prestashop]
@@ -727,10 +795,17 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 40
ecosystem_sources: []
status: retired
retired_reason: OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.
replacement_sources: [Shopware Security Advisories, OSV Shopware]
ecosystem_sources:
- name: OSV Shopware
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
research_sources: []
package_names:
- ecosystem: composer
- ecosystem: Packagist
name: shopware/platform
cpe_keys: []
ghsa_keywords: [shopware]
@@ -759,10 +834,17 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 50
ecosystem_sources: []
status: retired
retired_reason: OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.
replacement_sources: [OpenCart Releases, OSV OpenCart]
ecosystem_sources:
- name: OSV OpenCart
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
research_sources: []
package_names:
- ecosystem: composer
- ecosystem: Packagist
name: opencart/opencart
cpe_keys: [&quot;opencart:opencart&quot;]
ghsa_keywords: [opencart]
@@ -791,10 +873,17 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 40
ecosystem_sources: []
status: retired
retired_reason: OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.
replacement_sources: [GitHub Saleor Advisories, OSV Saleor]
ecosystem_sources:
- name: OSV Saleor
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
research_sources: []
package_names:
- ecosystem: pypi
- ecosystem: PyPI
name: saleor
cpe_keys: []
ghsa_keywords: [saleor]
@@ -1157,6 +1246,9 @@ systems:
confidence: ecosystem-authority
advisory_mode: core
results_per_page: 40
status: retired
retired_reason: OSV Express replaces NVD public search for lower-latency machine-readable collection.
replacement_sources: [OSV Express]
research_sources: []
package_names:
- ecosystem: npm
@@ -1195,6 +1287,9 @@ systems:
confidence: ecosystem-authority
advisory_mode: core
results_per_page: 40
status: retired
retired_reason: OSV NestJS replaces NVD public search for lower-latency machine-readable collection.
replacement_sources: [OSV NestJS]
research_sources: []
package_names:
- ecosystem: npm
@@ -1359,6 +1454,9 @@ systems:
confidence: ecosystem-authority
advisory_mode: core
results_per_page: 40
status: retired
retired_reason: OSV Undici replaces NVD public search for lower-latency machine-readable collection.
replacement_sources: [OSV Undici]
research_sources: []
package_names:
- ecosystem: npm
@@ -1397,6 +1495,9 @@ systems:
confidence: ecosystem-authority
advisory_mode: core
results_per_page: 40
status: retired
retired_reason: OSV webpack replaces NVD public search for lower-latency machine-readable collection.
replacement_sources: [OSV webpack]
research_sources: []
package_names:
- ecosystem: npm
@@ -1435,6 +1536,9 @@ systems:
confidence: ecosystem-authority
advisory_mode: core
results_per_page: 40
status: retired
retired_reason: OSV esbuild replaces NVD public search for lower-latency machine-readable collection.
replacement_sources: [OSV esbuild]
research_sources: []
package_names:
- ecosystem: npm
@@ -1775,6 +1879,9 @@ systems:
confidence: ecosystem-authority
advisory_mode: core
results_per_page: 40
status: retired
retired_reason: OSV Rails replaces NVD public search for lower-latency machine-readable collection.
replacement_sources: [OSV Rails]
research_sources: []
package_names:
- ecosystem: RubyGems
@@ -2083,7 +2190,14 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 40
ecosystem_sources: []
status: retired
retired_reason: OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.
replacement_sources: [phpMyAdmin Security Page, OSV phpMyAdmin]
ecosystem_sources:
- name: OSV phpMyAdmin
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
research_sources: []
package_names:
- ecosystem: Packagist
@@ -2299,6 +2413,9 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 40
status: retired
retired_reason: Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.
replacement_sources: [Mattermost Security Updates JSON, OSV Mattermost]
- name: Mattermost Security Updates JSON
kind: json-feed
url: https://securityupdates.mattermost.com/security_updates.json
@@ -2307,9 +2424,15 @@ systems:
max_items: 600
request_policy:
accept: application/json
ecosystem_sources: []
ecosystem_sources:
- name: OSV Mattermost
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
research_sources: []
package_names: []
package_names:
- ecosystem: Go
name: github.com/mattermost/mattermost-server
cpe_keys: [&quot;mattermost:mattermost&quot;]
ghsa_keywords: [mattermost]
kev_keywords: [mattermost]
@@ -2337,7 +2460,14 @@ systems:
confidence: official
advisory_mode: core
results_per_page: 40
ecosystem_sources: []
status: retired
retired_reason: Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.
replacement_sources: [Redmine Security Advisories]
ecosystem_sources:
- name: OSV Redmine
kind: osv-batch
confidence: ecosystem-authority
advisory_mode: core
research_sources: []
package_names:
- ecosystem: RubyGems
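
Review bot: This hunk adds `OSV Redmine` under `ecosystem_sources`, yet `replacement_sources` names only `Redmine Security Advisories` and `retired_reason` does not mention OSV. The other retirements in this file list their OSV source as a replacement; add `OSV Redmine` here or explain why it is not treated as one.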

View file

@@ -88,15 +88,15 @@
<div class="meta">工作台内置镜像页89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
<pre># 全库 Advisory 完整度报告
- 生成时间: `2026-03-18T21:23:23+00:00`
- 生成时间: `2026-03-19T02:23:04+00:00`
- 最新 advisory 完整度: `89/89` `verified-real`
- 合成验证数量: `0`
- 阻塞数量: `0`
- 人工/待补证据数量: `0`
- 完整度百分比: `100.0%`
- active source 全绿: `125/125`
- active source 全绿: `118/118`
- source open alerts: `0`
- 最近一次 source 全绿: `2026-03-18T21:09:25+00:00`
- 最近一次 source 全绿: `2026-03-19T02:22:24+00:00`
## 系统覆盖矩阵
@@ -117,10 +117,14 @@
## Ingest / Source 健康度
- source failures: `0`
- active sources: `125`
- green sources: `125`
- source failures: `4`
- active sources: `118`
- green sources: `118`
- open alerts: `0`
- django::OSV Django::tls::HTTPSConnectionPool(host=&#x27;api.osv.dev&#x27;, port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, &#x27;EOF occurred in violation of protocol (_ssl.c:1129)&#x27;)))
- flask::OSV Flask::tls::HTTPSConnectionPool(host=&#x27;api.osv.dev&#x27;, port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, &#x27;EOF occurred in violation of protocol (_ssl.c:1129)&#x27;)))
- spring-security::OSV Spring Security::tls::HTTPSConnectionPool(host=&#x27;api.osv.dev&#x27;, port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, &#x27;EOF occurred in violation of protocol (_ssl.c:1129)&#x27;)))
- symfony::OSV Symfony::tls::HTTPSConnectionPool(host=&#x27;api.osv.dev&#x27;, port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, &#x27;EOF occurred in violation of protocol (_ssl.c:1129)&#x27;)))
## 剩余风险说明
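
Review bot: `source failures` goes from `0` to `4` while `green sources` still equals `active sources` at `118` and `open alerts` stays `0`. If the four `api.osv.dev` TLS failures listed under those counters are real adapter failures, they should either lower the green count or open an alert; otherwise the report should state why a failed source still counts as green.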

View file

@@ -5961,16 +5961,16 @@
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "medium",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:37:58Z",
"updated_at": "2026-03-13T20:54:25.417862Z",
"updated_at": "2026-03-18T23:58:57.714731Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
"https://hackerone.com/reports/3513473",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
@@ -6306,16 +6306,16 @@
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "high",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:41:41Z",
"updated_at": "2026-03-13T20:54:26.149214Z",
"updated_at": "2026-03-18T22:58:58.908047Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"https://hackerone.com/reports/3487486",
"https://cna.openjsf.org/security-advisories.html",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://nodejs.org/api/zlib.html#class-zlibinflateraw"
@@ -6991,16 +6991,16 @@
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "high",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:07:26Z",
"updated_at": "2026-03-14T09:17:45.838435Z",
"updated_at": "2026-03-18T22:58:59.863318Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"https://hackerone.com/reports/3537648",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
@@ -7336,16 +7336,16 @@
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "medium",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:41:26Z",
"updated_at": "2026-03-13T20:54:25.572106Z",
"updated_at": "2026-03-18T22:58:58.996775Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
"https://hackerone.com/reports/3487198",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
@@ -7681,16 +7681,16 @@
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "high",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:41:56Z",
"updated_at": "2026-03-13T20:54:25.563997Z",
"updated_at": "2026-03-18T22:58:59.936049Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"https://hackerone.com/reports/3481206",
"https://cna.openjsf.org/security-advisories.html",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://owasp.org/www-community/attacks/Denial_of_Service"
@@ -8029,16 +8029,16 @@
"display_name": "Undici",
"system_id": "undici",
"category": "frameworks",
"severity": "medium",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-13T20:07:03Z",
"updated_at": "2026-03-14T09:19:54.772219Z",
"updated_at": "2026-03-18T22:58:59.626657Z",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"https://hackerone.com/reports/3556037",
"https://cna.openjsf.org/security-advisories.html",
"https://cwe.mitre.org/data/definitions/444.html",
"https://github.com/nodejs/undici",
"https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"

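Review bot: `severity` changes from `medium` to `low` against an unchanged `cvss_score` of `3.1` in this hunk, and the five Undici hunks before it show the same `3.1` for advisories that were previously `medium` or `high`. Six distinct advisories sharing one score suggests a default or mis-joined value; check the score against each `official_source_url` before deriving `severity` from it.
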
View file

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-18T21:23:23+00:00",
"generated_at": "2026-03-19T02:23:04+00:00",
"advisory_count": 2392,
"run_count": 140,
"statuses": {
@@ -154,11 +154,11 @@
}
],
"monitoring": {
"active_source_count": 125,
"green_source_count": 125,
"active_source_count": 118,
"green_source_count": 118,
"source_failure_count": 0,
"open_alert_count": 0,
"last_fully_green_run": "2026-03-18T21:09:25+00:00"
"last_fully_green_run": "2026-03-19T02:22:24+00:00"
},
"systems": [
{
@@ -667,7 +667,7 @@
"manual": 40,
"browser_required": 0,
"browser_present": 21,
"latest_update": "2026-03-17T16:31:34.160932Z",
"latest_update": "2026-03-18T22:02:16.858114Z",
"category": "frameworks",
"tier": "history-full",
"output_dir": "07-framework-security/frameworks/nextjs",
@@ -1265,7 +1265,7 @@
"manual": 9,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-03-18T04:03:27+00:00",
"latest_update": "2026-03-18T23:58:57.714731Z",
"category": "frameworks",
"tier": "rolling-24m",
"output_dir": "07-framework-security/frameworks/undici",
@@ -1969,7 +1969,7 @@
"verified_ratio": 100.0,
"complete": true,
"source_failure_count": 0,
"active_source_count": 125,
"active_source_count": 118,
"open_alert_count": 0
}
}

View file

@@ -505,7 +505,7 @@
"manual": 40,
"browser_required": 0,
"browser_present": 21,
"latest_update": "2026-03-17T16:31:34.160932Z",
"latest_update": "2026-03-18T22:02:16.858114Z",
"category": "frameworks",
"tier": "history-full",
"output_dir": "07-framework-security/frameworks/nextjs",
@@ -1103,7 +1103,7 @@
"manual": 9,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-03-18T04:03:27+00:00",
"latest_update": "2026-03-18T23:58:57.714731Z",
"category": "frameworks",
"tier": "rolling-24m",
"output_dir": "07-framework-security/frameworks/undici",

View file

@@ -1,11 +1,18 @@
# 最新同步摘要
- 渲染时间: `2026-03-18T21:23:23+00:00`
- 渲染时间: `2026-03-19T02:23:04+00:00`
- 系统数量: `62`
- Advisory 数量: `2348`
- 重点 Markdown 数量: `156`
- Run Bundle 数量: `89`
- 新增记录: `0`
- 更新记录: `0`
- 更新记录: `7`
- Triage 数量: `1169`
- 失败的 source adapter: `0`
- 失败的 source adapter: `4`
## 失败列表
- django::OSV Django::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))
- flask::OSV Flask::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))
- spring-security::OSV Spring Security::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))
- symfony::OSV Symfony::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))

View file

@@ -1,21 +1,24 @@
{
"generated_at": "2026-03-18T21:09:25+00:00",
"active_source_count": 125,
"green_source_count": 125,
"generated_at": "2026-03-19T02:22:24+00:00",
"active_source_count": 118,
"green_source_count": 118,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 0,
"last_fully_green_run": "2026-03-18T21:09:25+00:00",
"last_fully_green_run": "2026-03-19T02:22:24+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 161,
"retired_source_count": 36
"source_count": 173,
"retired_source_count": 55
},
"ingest": {
"new_count": 0,
"updated_count": 0,
"failure_count": 0,
"systems_touched": []
"updated_count": 7,
"failure_count": 4,
"systems_touched": [
"nextjs",
"undici"
]
},
"validation": {
"passed": true,

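Review bot: `source_failure_count` stays `0` and `last_fully_green_run` advances to `2026-03-19T02:22:24+00:00` while `ingest.failure_count` in the same object becomes `4`. Document how the two counters relate, and do not move `last_fully_green_run` forward for a run whose ingest recorded failures unless the two are measured independently by design.
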
View file

@@ -105,26 +105,13 @@
{
"system_id": "drupal",
"display_name": "Drupal",
"source_name": "Drupal Security Advisories Site",
"bucket": "ecosystem_sources",
"kind": "html-links",
"retired_reason": "Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.",
"source_name": "NVD Drupal",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Drupal + Drupal official RSS now cover machine-readable collection with lower cold-start latency than NVD public search.",
"replacement_sources": [
"Drupal Security Advisories RSS",
"GHSA Drupal Core"
],
"url": "https://www.drupal.org/security"
},
{
"system_id": "drupal",
"display_name": "Drupal",
"source_name": "GHSA Drupal Core",
"bucket": "ecosystem_sources",
"kind": "ghsa-global",
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.",
"replacement_sources": [
"Drupal Security Advisories RSS",
"NVD Drupal"
"OSV Drupal"
],
"url": ""
},
@@ -140,6 +127,18 @@
],
"url": ""
},
{
"system_id": "esbuild",
"display_name": "esbuild",
"source_name": "NVD esbuild",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV esbuild replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV esbuild"
],
"url": ""
},
{
"system_id": "express",
"display_name": "Express",
@@ -152,6 +151,18 @@
],
"url": ""
},
{
"system_id": "express",
"display_name": "Express",
"source_name": "NVD Express.js",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV Express replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV Express"
],
"url": ""
},
{
"system_id": "fastify",
"display_name": "Fastify",
@@ -176,6 +187,19 @@
],
"url": ""
},
{
"system_id": "ghost",
"display_name": "Ghost",
"source_name": "NVD Ghost",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.",
"replacement_sources": [
"Ghost GitHub Advisories",
"OSV Ghost"
],
"url": ""
},
{
"system_id": "hapi",
"display_name": "Hapi",
@@ -200,6 +224,19 @@
],
"url": "https://www.haproxy.org/security/"
},
{
"system_id": "joomla",
"display_name": "Joomla",
"source_name": "NVD Joomla",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.",
"replacement_sources": [
"Joomla Security Centre",
"OSV Joomla"
],
"url": ""
},
{
"system_id": "koa",
"display_name": "Koa",
@@ -236,6 +273,19 @@
],
"url": "https://mattermost.com/security-updates/"
},
{
"system_id": "mattermost",
"display_name": "Mattermost",
"source_name": "NVD Mattermost",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.",
"replacement_sources": [
"Mattermost Security Updates JSON",
"OSV Mattermost"
],
"url": ""
},
{
"system_id": "mediawiki",
"display_name": "MediaWiki",
@@ -249,6 +299,19 @@
],
"url": "https://www.mediawiki.org/wiki/Security"
},
{
"system_id": "mediawiki",
"display_name": "MediaWiki",
"source_name": "NVD MediaWiki",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.",
"replacement_sources": [
"MediaWiki Announce RSS",
"OSV MediaWiki"
],
"url": ""
},
{
"system_id": "moodle",
"display_name": "Moodle",
@@ -261,6 +324,18 @@
],
"url": "https://moodle.org/security/"
},
{
"system_id": "moodle",
"display_name": "Moodle",
"source_name": "NVD Moodle",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.",
"replacement_sources": [
"OSV Moodle"
],
"url": ""
},
{
"system_id": "nestjs",
"display_name": "NestJS",
@@ -273,6 +348,18 @@
],
"url": ""
},
{
"system_id": "nestjs",
"display_name": "NestJS",
"source_name": "NVD NestJS",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV NestJS replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV NestJS"
],
"url": ""
},
{
"system_id": "nextjs",
"display_name": "Next.js",
@@ -299,6 +386,59 @@
],
"url": ""
},
{
"system_id": "opencart",
"display_name": "OpenCart",
"source_name": "NVD OpenCart",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.",
"replacement_sources": [
"OpenCart Releases",
"OSV OpenCart"
],
"url": ""
},
{
"system_id": "openmage",
"display_name": "OpenMage / Mage-OS",
"source_name": "NVD OpenMage",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV OpenMage replaces NVD for machine-readable composer-aligned collection.",
"replacement_sources": [
"OpenMage GitHub Advisories",
"OSV OpenMage"
],
"url": ""
},
{
"system_id": "phpmyadmin",
"display_name": "phpMyAdmin",
"source_name": "NVD phpMyAdmin",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.",
"replacement_sources": [
"phpMyAdmin Security Page",
"OSV phpMyAdmin"
],
"url": ""
},
{
"system_id": "prestashop",
"display_name": "PrestaShop",
"source_name": "NVD PrestaShop",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV PrestaShop replaces NVD for machine-readable collection while official and ecosystem advisories remain active.",
"replacement_sources": [
"PrestaShop Security Page",
"GitHub PrestaShop Advisories",
"OSV PrestaShop"
],
"url": ""
},
{
"system_id": "rails",
"display_name": "Ruby on Rails",
@@ -311,6 +451,18 @@
],
"url": ""
},
{
"system_id": "rails",
"display_name": "Ruby on Rails",
"source_name": "NVD Ruby on Rails",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV Rails replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV Rails"
],
"url": ""
},
{
"system_id": "react",
"display_name": "React",
@@ -324,6 +476,44 @@
],
"url": ""
},
{
"system_id": "redmine",
"display_name": "Redmine",
"source_name": "NVD Redmine",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.",
"replacement_sources": [
"Redmine Security Advisories"
],
"url": ""
},
{
"system_id": "saleor",
"display_name": "Saleor",
"source_name": "NVD Saleor",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.",
"replacement_sources": [
"GitHub Saleor Advisories",
"OSV Saleor"
],
"url": ""
},
{
"system_id": "shopware",
"display_name": "Shopware",
"source_name": "NVD Shopware",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.",
"replacement_sources": [
"Shopware Security Advisories",
"OSV Shopware"
],
"url": ""
},
{
"system_id": "spring-boot",
"display_name": "Spring Boot",
@@ -399,6 +589,18 @@
],
"url": ""
},
{
"system_id": "undici",
"display_name": "Undici",
"source_name": "NVD Undici",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV Undici replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV Undici"
],
"url": ""
},
{
"system_id": "vite",
"display_name": "Vite",
@@ -437,6 +639,18 @@
],
"url": ""
},
{
"system_id": "webpack",
"display_name": "webpack",
"source_name": "NVD webpack",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV webpack replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV webpack"
],
"url": ""
},
{
"system_id": "werkzeug",
"display_name": "Werkzeug",
@@ -448,5 +662,33 @@
"OSV Werkzeug"
],
"url": ""
},
{
"system_id": "woocommerce",
"display_name": "WooCommerce",
"source_name": "NVD WooCommerce",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV WooCommerce replaces NVD for machine-readable collection while official and ecosystem advisory pages remain active.",
"replacement_sources": [
"Woo Developer Advisories",
"GitHub WooCommerce Advisories",
"OSV WooCommerce"
],
"url": ""
},
{
"system_id": "wordpress",
"display_name": "WordPress",
"source_name": "NVD WordPress",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "WordPress official RSS plus ecosystem plugin intelligence cover active collection with lower cold-start latency and lower public-search dependence than NVD.",
"replacement_sources": [
"WordPress Security News RSS",
"Wordfence Vulnerability Database",
"WPScan Vulnerability Database"
],
"url": ""
}
]

View file

@@ -1,12 +1,72 @@
{
"generated_at": "2026-03-18T21:23:23+00:00",
"generated_at": "2026-03-19T02:23:04+00:00",
"system_count": 62,
"advisory_count": 2348,
"markdown_count": 156,
"new_count": 0,
"updated_count": 0,
"systems_touched": [],
"updated_count": 7,
"systems_touched": [
"nextjs",
"undici"
],
"triage_count": 1169,
"run_bundle_count": 89,
"failures": []
"failures": [
{
"system_id": "django",
"display_name": "Django",
"source_name": "OSV Django",
"source_kind": "osv-batch",
"source_bucket": "official_sources",
"category": "tls",
"exception": "SSLError",
"message": "HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))",
"status_code": null,
"url": "",
"summary": "django::OSV Django::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))",
"elapsed_seconds": 25.112
},
{
"system_id": "flask",
"display_name": "Flask",
"source_name": "OSV Flask",
"source_kind": "osv-batch",
"source_bucket": "official_sources",
"category": "tls",
"exception": "SSLError",
"message": "HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))",
"status_code": null,
"url": "",
"summary": "flask::OSV Flask::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))",
"elapsed_seconds": 25.129
},
{
"system_id": "spring-security",
"display_name": "Spring Security",
"source_name": "OSV Spring Security",
"source_kind": "osv-batch",
"source_bucket": "ecosystem_sources",
"category": "tls",
"exception": "SSLError",
"message": "HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))",
"status_code": null,
"url": "",
"summary": "spring-security::OSV Spring Security::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))",
"elapsed_seconds": 25.247
},
{
"system_id": "symfony",
"display_name": "Symfony",
"source_name": "OSV Symfony",
"source_kind": "osv-batch",
"source_bucket": "official_sources",
"category": "tls",
"exception": "SSLError",
"message": "HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))",
"status_code": null,
"url": "",
"summary": "symfony::OSV Symfony::tls::HTTPSConnectionPool(host='api.osv.dev', port=443): Max retries exceeded with url: /v1/querybatch (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))",
"elapsed_seconds": 25.232
}
]
}
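
Review bot: Each new `failures` entry has `"url": ""` and `"status_code": null` even though `message` shows the request went to `/v1/querybatch` on `api.osv.dev`. Record the request URL in `url` so the entry can be triaged without parsing the exception text. All four entries fail the same way after roughly 25 seconds each, so also consider a bounded retry with backoff in the `osv-batch` adapter, given that this commit makes OSV the only listed replacement for several retired NVD sources.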

View file

@@ -1,10 +1,10 @@
{
"generated_at": "2026-03-18T21:16:34+00:00",
"generated_at": "2026-03-19T02:22:09+00:00",
"system_count": 62,
"source_count": 161,
"active_source_count": 125,
"retired_source_count": 36,
"systems_with_active_official": 62,
"source_count": 173,
"active_source_count": 118,
"retired_source_count": 55,
"systems_with_active_official": 61,
"systems_with_machine_readable_source": 62,
"systems": [
{
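
Review bot: `systems_with_active_official` drops from `62` to `61`, so one system no longer has any active official source after these retirements. Name that system in the commit message or restore an official source for it; the per-source `retired_reason` fields do not make this loss visible.
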
@@ -177,11 +177,11 @@
"display_name": "Drupal",
"category": "cms",
"tier": "history-full",
"source_total": 4,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 2,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 2,
"has_active_official": true,
@@ -208,12 +208,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
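Review bot: "active_source_total" and "machine_readable_active" both drop from 2 to 1 here and "ecosystem_active" goes to 0, which leaves this system with a single active source of any kind. The hunks at -223, -523, -658, -838 and -883 make the same change, so one outage of the remaining source leaves each of these systems with no collection at all. Consider adding an audit field that flags systems with only one active source, so that this loss of redundancy is visible in the report.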
@@ -223,12 +223,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
@@ -267,11 +267,11 @@
"display_name": "Ghost",
"category": "cms",
"tier": "history-full",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -387,11 +387,11 @@
"display_name": "Joomla",
"category": "cms",
"tier": "history-full",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -462,11 +462,11 @@
"display_name": "Mattermost",
"category": "platforms",
"tier": "rolling-24m",
"source_total": 3,
"source_total": 4,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 2,
"has_active_official": true,
@@ -477,11 +477,11 @@
"display_name": "MediaWiki",
"category": "cms",
"tier": "rolling-24m",
"source_total": 3,
"source_total": 4,
"active_source_total": 2,
"retired_source_total": 1,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 2,
"has_active_official": true,
@@ -507,14 +507,14 @@
"display_name": "Moodle",
"category": "cms",
"tier": "rolling-24m",
"source_total": 2,
"source_total": 3,
"active_source_total": 1,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 0,
"retired_source_total": 2,
"official_active": 0,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
"has_active_official": false,
"has_machine_readable_source": true
},
{
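Review bot: Moodle ends this hunk with "official_active": 0 and "has_active_official": false, but the retirement entry added for "NVD Moodle" later in this file justifies the change with "official Moodle sources remain for cross-checking". The two statements contradict each other, because the only active Moodle source is now the ecosystem one. Either keep an official source active or correct the "retired_reason" text.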
@@ -523,12 +523,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
@@ -597,11 +597,11 @@
"display_name": "OpenCart",
"category": "ecommerce",
"tier": "history-full",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -612,11 +612,11 @@
"display_name": "OpenMage / Mage-OS",
"category": "ecommerce",
"tier": "rolling-24m",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -627,11 +627,11 @@
"display_name": "phpMyAdmin",
"category": "platforms",
"tier": "rolling-24m",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -642,11 +642,11 @@
"display_name": "PrestaShop",
"category": "ecommerce",
"tier": "history-full",
"source_total": 4,
"source_total": 5,
"active_source_total": 4,
"retired_source_total": 0,
"official_active": 3,
"ecosystem_active": 1,
"retired_source_total": 1,
"official_active": 2,
"ecosystem_active": 2,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -658,12 +658,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
@@ -687,11 +687,11 @@
"display_name": "Redmine",
"category": "platforms",
"tier": "rolling-24m",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -702,11 +702,11 @@
"display_name": "Saleor",
"category": "ecommerce",
"tier": "rolling-24m",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -717,11 +717,11 @@
"display_name": "Shopware",
"category": "ecommerce",
"tier": "history-full",
"source_total": 2,
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 0,
"official_active": 2,
"ecosystem_active": 0,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 1,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -838,12 +838,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
@@ -883,12 +883,12 @@
"category": "frameworks",
"tier": "rolling-24m",
"source_total": 3,
"active_source_total": 2,
"retired_source_total": 1,
"active_source_total": 1,
"retired_source_total": 2,
"official_active": 1,
"ecosystem_active": 1,
"ecosystem_active": 0,
"research_active": 0,
"machine_readable_active": 2,
"machine_readable_active": 1,
"has_active_official": true,
"has_machine_readable_source": true
},
@@ -912,11 +912,11 @@
"display_name": "WooCommerce",
"category": "ecommerce",
"tier": "history-full",
"source_total": 5,
"source_total": 6,
"active_source_total": 5,
"retired_source_total": 0,
"official_active": 3,
"ecosystem_active": 2,
"retired_source_total": 1,
"official_active": 2,
"ecosystem_active": 3,
"research_active": 0,
"machine_readable_active": 1,
"has_active_official": true,
@@ -928,9 +928,9 @@
"category": "cms",
"tier": "history-full",
"source_total": 6,
"active_source_total": 6,
"retired_source_total": 0,
"official_active": 2,
"active_source_total": 5,
"retired_source_total": 1,
"official_active": 1,
"ecosystem_active": 3,
"research_active": 1,
"machine_readable_active": 1,
@@ -1045,26 +1045,13 @@
{
"system_id": "drupal",
"display_name": "Drupal",
"source_name": "Drupal Security Advisories Site",
"bucket": "ecosystem_sources",
"kind": "html-links",
"retired_reason": "Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.",
"source_name": "NVD Drupal",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Drupal + Drupal official RSS now cover machine-readable collection with lower cold-start latency than NVD public search.",
"replacement_sources": [
"Drupal Security Advisories RSS",
"GHSA Drupal Core"
],
"url": "https://www.drupal.org/security"
},
{
"system_id": "drupal",
"display_name": "Drupal",
"source_name": "GHSA Drupal Core",
"bucket": "ecosystem_sources",
"kind": "ghsa-global",
"retired_reason": "Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.",
"replacement_sources": [
"Drupal Security Advisories RSS",
"NVD Drupal"
"OSV Drupal"
],
"url": ""
},
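Review bot: the retired entries for "Drupal Security Advisories Site" and "GHSA Drupal Core" are removed from this list instead of being kept beside the new "NVD Drupal" entry, which matches Drupal's "source_total" going from 4 to 3 in the earlier hunk. That deletes the recorded reasons those sources were dropped (unstable HTML scraping, GHSA rate limiting). If they were removed from the catalog on purpose, say so in the commit message; otherwise keep both entries and append the NVD one.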
@@ -1080,6 +1067,18 @@
],
"url": ""
},
{
"system_id": "esbuild",
"display_name": "esbuild",
"source_name": "NVD esbuild",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV esbuild replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV esbuild"
],
"url": ""
},
{
"system_id": "express",
"display_name": "Express",
@@ -1092,6 +1091,18 @@
],
"url": ""
},
{
"system_id": "express",
"display_name": "Express",
"source_name": "NVD Express.js",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV Express replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV Express"
],
"url": ""
},
{
"system_id": "fastify",
"display_name": "Fastify",
@@ -1116,6 +1127,19 @@
],
"url": ""
},
{
"system_id": "ghost",
"display_name": "Ghost",
"source_name": "NVD Ghost",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.",
"replacement_sources": [
"Ghost GitHub Advisories",
"OSV Ghost"
],
"url": ""
},
{
"system_id": "hapi",
"display_name": "Hapi",
@@ -1140,6 +1164,19 @@
],
"url": "https://www.haproxy.org/security/"
},
{
"system_id": "joomla",
"display_name": "Joomla",
"source_name": "NVD Joomla",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.",
"replacement_sources": [
"Joomla Security Centre",
"OSV Joomla"
],
"url": ""
},
{
"system_id": "koa",
"display_name": "Koa",
@@ -1176,6 +1213,19 @@
],
"url": "https://mattermost.com/security-updates/"
},
{
"system_id": "mattermost",
"display_name": "Mattermost",
"source_name": "NVD Mattermost",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.",
"replacement_sources": [
"Mattermost Security Updates JSON",
"OSV Mattermost"
],
"url": ""
},
{
"system_id": "mediawiki",
"display_name": "MediaWiki",
@@ -1189,6 +1239,19 @@
],
"url": "https://www.mediawiki.org/wiki/Security"
},
{
"system_id": "mediawiki",
"display_name": "MediaWiki",
"source_name": "NVD MediaWiki",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.",
"replacement_sources": [
"MediaWiki Announce RSS",
"OSV MediaWiki"
],
"url": ""
},
{
"system_id": "moodle",
"display_name": "Moodle",
@@ -1201,6 +1264,18 @@
],
"url": "https://moodle.org/security/"
},
{
"system_id": "moodle",
"display_name": "Moodle",
"source_name": "NVD Moodle",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.",
"replacement_sources": [
"OSV Moodle"
],
"url": ""
},
{
"system_id": "nestjs",
"display_name": "NestJS",
@@ -1213,6 +1288,18 @@
],
"url": ""
},
{
"system_id": "nestjs",
"display_name": "NestJS",
"source_name": "NVD NestJS",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV NestJS replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV NestJS"
],
"url": ""
},
{
"system_id": "nextjs",
"display_name": "Next.js",
@@ -1239,6 +1326,59 @@
],
"url": ""
},
{
"system_id": "opencart",
"display_name": "OpenCart",
"source_name": "NVD OpenCart",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.",
"replacement_sources": [
"OpenCart Releases",
"OSV OpenCart"
],
"url": ""
},
{
"system_id": "openmage",
"display_name": "OpenMage / Mage-OS",
"source_name": "NVD OpenMage",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV OpenMage replaces NVD for machine-readable composer-aligned collection.",
"replacement_sources": [
"OpenMage GitHub Advisories",
"OSV OpenMage"
],
"url": ""
},
{
"system_id": "phpmyadmin",
"display_name": "phpMyAdmin",
"source_name": "NVD phpMyAdmin",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.",
"replacement_sources": [
"phpMyAdmin Security Page",
"OSV phpMyAdmin"
],
"url": ""
},
{
"system_id": "prestashop",
"display_name": "PrestaShop",
"source_name": "NVD PrestaShop",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV PrestaShop replaces NVD for machine-readable collection while official and ecosystem advisories remain active.",
"replacement_sources": [
"PrestaShop Security Page",
"GitHub PrestaShop Advisories",
"OSV PrestaShop"
],
"url": ""
},
{
"system_id": "rails",
"display_name": "Ruby on Rails",
@@ -1251,6 +1391,18 @@
],
"url": ""
},
{
"system_id": "rails",
"display_name": "Ruby on Rails",
"source_name": "NVD Ruby on Rails",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV Rails replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV Rails"
],
"url": ""
},
{
"system_id": "react",
"display_name": "React",
@@ -1264,6 +1416,44 @@
],
"url": ""
},
{
"system_id": "redmine",
"display_name": "Redmine",
"source_name": "NVD Redmine",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.",
"replacement_sources": [
"Redmine Security Advisories"
],
"url": ""
},
{
"system_id": "saleor",
"display_name": "Saleor",
"source_name": "NVD Saleor",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.",
"replacement_sources": [
"GitHub Saleor Advisories",
"OSV Saleor"
],
"url": ""
},
{
"system_id": "shopware",
"display_name": "Shopware",
"source_name": "NVD Shopware",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.",
"replacement_sources": [
"Shopware Security Advisories",
"OSV Shopware"
],
"url": ""
},
{
"system_id": "spring-boot",
"display_name": "Spring Boot",
@@ -1339,6 +1529,18 @@
],
"url": ""
},
{
"system_id": "undici",
"display_name": "Undici",
"source_name": "NVD Undici",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV Undici replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV Undici"
],
"url": ""
},
{
"system_id": "vite",
"display_name": "Vite",
@@ -1377,6 +1579,18 @@
],
"url": ""
},
{
"system_id": "webpack",
"display_name": "webpack",
"source_name": "NVD webpack",
"bucket": "ecosystem_sources",
"kind": "nvd-search",
"retired_reason": "OSV webpack replaces NVD public search for lower-latency machine-readable collection.",
"replacement_sources": [
"OSV webpack"
],
"url": ""
},
{
"system_id": "werkzeug",
"display_name": "Werkzeug",
@@ -1388,6 +1602,34 @@
"OSV Werkzeug"
],
"url": ""
},
{
"system_id": "woocommerce",
"display_name": "WooCommerce",
"source_name": "NVD WooCommerce",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "OSV WooCommerce replaces NVD for machine-readable collection while official and ecosystem advisory pages remain active.",
"replacement_sources": [
"Woo Developer Advisories",
"GitHub WooCommerce Advisories",
"OSV WooCommerce"
],
"url": ""
},
{
"system_id": "wordpress",
"display_name": "WordPress",
"source_name": "NVD WordPress",
"bucket": "official_sources",
"kind": "nvd-search",
"retired_reason": "WordPress official RSS plus ecosystem plugin intelligence cover active collection with lower cold-start latency and lower public-search dependence than NVD.",
"replacement_sources": [
"WordPress Security News RSS",
"Wordfence Vulnerability Database",
"WPScan Vulnerability Database"
],
"url": ""
}
],
"replacement_map": [
@@ -1456,18 +1698,10 @@
},
{
"system_id": "drupal",
"retired_source": "Drupal Security Advisories Site",
"retired_source": "NVD Drupal",
"replacement_sources": [
"Drupal Security Advisories RSS",
"GHSA Drupal Core"
]
},
{
"system_id": "drupal",
"retired_source": "GHSA Drupal Core",
"replacement_sources": [
"Drupal Security Advisories RSS",
"NVD Drupal"
"OSV Drupal"
]
},
{
@@ -1477,6 +1711,13 @@
"OSV esbuild"
]
},
{
"system_id": "esbuild",
"retired_source": "NVD esbuild",
"replacement_sources": [
"OSV esbuild"
]
},
{
"system_id": "express",
"retired_source": "GitHub Global Advisories",
@@ -1484,6 +1725,13 @@
"OSV Express"
]
},
{
"system_id": "express",
"retired_source": "NVD Express.js",
"replacement_sources": [
"OSV Express"
]
},
{
"system_id": "fastify",
"retired_source": "GitHub Global Advisories",
@@ -1498,6 +1746,14 @@
"OSV Flask"
]
},
{
"system_id": "ghost",
"retired_source": "NVD Ghost",
"replacement_sources": [
"Ghost GitHub Advisories",
"OSV Ghost"
]
},
{
"system_id": "hapi",
"retired_source": "GitHub Global Advisories",
@@ -1512,6 +1768,14 @@
"HAProxy Blog Feed"
]
},
{
"system_id": "joomla",
"retired_source": "NVD Joomla",
"replacement_sources": [
"Joomla Security Centre",
"OSV Joomla"
]
},
{
"system_id": "koa",
"retired_source": "GitHub Global Advisories",
@@ -1533,6 +1797,14 @@
"NVD Mattermost"
]
},
{
"system_id": "mattermost",
"retired_source": "NVD Mattermost",
"replacement_sources": [
"Mattermost Security Updates JSON",
"OSV Mattermost"
]
},
{
"system_id": "mediawiki",
"retired_source": "MediaWiki Security Releases",
@@ -1541,6 +1813,14 @@
"NVD MediaWiki"
]
},
{
"system_id": "mediawiki",
"retired_source": "NVD MediaWiki",
"replacement_sources": [
"MediaWiki Announce RSS",
"OSV MediaWiki"
]
},
{
"system_id": "moodle",
"retired_source": "Moodle Security News",
@@ -1548,6 +1828,13 @@
"NVD Moodle"
]
},
{
"system_id": "moodle",
"retired_source": "NVD Moodle",
"replacement_sources": [
"OSV Moodle"
]
},
{
"system_id": "nestjs",
"retired_source": "GitHub Global Advisories",
@@ -1555,6 +1842,13 @@
"OSV NestJS"
]
},
{
"system_id": "nestjs",
"retired_source": "NVD NestJS",
"replacement_sources": [
"OSV NestJS"
]
},
{
"system_id": "nextjs",
"retired_source": "GitHub Global Advisories",
@@ -1571,6 +1865,39 @@
"OSV Nuxt"
]
},
{
"system_id": "opencart",
"retired_source": "NVD OpenCart",
"replacement_sources": [
"OpenCart Releases",
"OSV OpenCart"
]
},
{
"system_id": "openmage",
"retired_source": "NVD OpenMage",
"replacement_sources": [
"OpenMage GitHub Advisories",
"OSV OpenMage"
]
},
{
"system_id": "phpmyadmin",
"retired_source": "NVD phpMyAdmin",
"replacement_sources": [
"phpMyAdmin Security Page",
"OSV phpMyAdmin"
]
},
{
"system_id": "prestashop",
"retired_source": "NVD PrestaShop",
"replacement_sources": [
"PrestaShop Security Page",
"GitHub PrestaShop Advisories",
"OSV PrestaShop"
]
},
{
"system_id": "rails",
"retired_source": "GitHub Global Advisories",
@@ -1578,6 +1905,13 @@
"OSV Rails"
]
},
{
"system_id": "rails",
"retired_source": "NVD Ruby on Rails",
"replacement_sources": [
"OSV Rails"
]
},
{
"system_id": "react",
"retired_source": "GitHub Global Advisories",
@@ -1586,6 +1920,29 @@
"OSV React"
]
},
{
"system_id": "redmine",
"retired_source": "NVD Redmine",
"replacement_sources": [
"Redmine Security Advisories"
]
},
{
"system_id": "saleor",
"retired_source": "NVD Saleor",
"replacement_sources": [
"GitHub Saleor Advisories",
"OSV Saleor"
]
},
{
"system_id": "shopware",
"retired_source": "NVD Shopware",
"replacement_sources": [
"Shopware Security Advisories",
"OSV Shopware"
]
},
{
"system_id": "spring-boot",
"retired_source": "GitHub Global Advisories",
@@ -1631,6 +1988,13 @@
"OSV Undici"
]
},
{
"system_id": "undici",
"retired_source": "NVD Undici",
"replacement_sources": [
"OSV Undici"
]
},
{
"system_id": "vite",
"retired_source": "GitHub Global Advisories",
@@ -1654,12 +2018,37 @@
"OSV webpack"
]
},
{
"system_id": "webpack",
"retired_source": "NVD webpack",
"replacement_sources": [
"OSV webpack"
]
},
{
"system_id": "werkzeug",
"retired_source": "GitHub Global Advisories",
"replacement_sources": [
"OSV Werkzeug"
]
},
{
"system_id": "woocommerce",
"retired_source": "NVD WooCommerce",
"replacement_sources": [
"Woo Developer Advisories",
"GitHub WooCommerce Advisories",
"OSV WooCommerce"
]
},
{
"system_id": "wordpress",
"retired_source": "NVD WordPress",
"replacement_sources": [
"WordPress Security News RSS",
"Wordfence Vulnerability Database",
"WPScan Vulnerability Database"
]
}
]
}

View file

@@ -1,11 +1,11 @@
# Source Catalog Audit
- generated_at: `2026-03-18T21:16:34+00:00`
- generated_at: `2026-03-19T02:22:09+00:00`
- systems: `62`
- sources: `161`
- active_sources: `125`
- retired_sources: `36`
- systems_with_active_official: `62/62`
- sources: `173`
- active_sources: `118`
- retired_sources: `55`
- systems_with_active_official: `61/62`
- systems_with_machine_readable_source: `62/62`
## Retired Sources
@@ -18,31 +18,50 @@
- `discourse` `Discourse Meta Security` -> replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
- `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS, Discourse Security RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
- `django` `Django Security RSS` -> replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
- `drupal` `Drupal Security Advisories Site` -> replacements: `Drupal Security Advisories RSS, GHSA Drupal Core` | reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
- `drupal` `GHSA Drupal Core` -> replacements: `Drupal Security Advisories RSS, NVD Drupal` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
- `drupal` `NVD Drupal` -> replacements: `Drupal Security Advisories RSS, OSV Drupal` | reason: OSV Drupal + Drupal official RSS now cover machine-readable collection with lower cold-start latency than NVD public search.
- `esbuild` `GitHub Global Advisories` -> replacements: `OSV esbuild` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
- `esbuild` `NVD esbuild` -> replacements: `OSV esbuild` | reason: OSV esbuild replaces NVD public search for lower-latency machine-readable collection.
- `express` `GitHub Global Advisories` -> replacements: `OSV Express` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
- `express` `NVD Express.js` -> replacements: `OSV Express` | reason: OSV Express replaces NVD public search for lower-latency machine-readable collection.
- `fastify` `GitHub Global Advisories` -> replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
- `flask` `GitHub Global Advisories` -> replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
- `ghost` `NVD Ghost` -> replacements: `Ghost GitHub Advisories, OSV Ghost` | reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
- `hapi` `GitHub Global Advisories` -> replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
- `haproxy` `HAProxy Security Advisories` -> replacements: `HAProxy Blog Feed` | reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
- `joomla` `NVD Joomla` -> replacements: `Joomla Security Centre, OSV Joomla` | reason: OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.
- `koa` `GitHub Global Advisories` -> replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
- `laravel` `GitHub Global Advisories` -> replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
- `mattermost` `Mattermost Security Updates` -> replacements: `NVD Mattermost` | reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
- `mattermost` `NVD Mattermost` -> replacements: `Mattermost Security Updates JSON, OSV Mattermost` | reason: Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.
- `mediawiki` `MediaWiki Security Releases` -> replacements: `MediaWiki Announce RSS, NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
- `mediawiki` `NVD MediaWiki` -> replacements: `MediaWiki Announce RSS, OSV MediaWiki` | reason: MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.
- `moodle` `Moodle Security News` -> replacements: `NVD Moodle` | reason: Security page is reachable with a browser-style UA, but the current markup only exposes generic "Discuss this topic" anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.
- `moodle` `NVD Moodle` -> replacements: `OSV Moodle` | reason: OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.
- `nestjs` `GitHub Global Advisories` -> replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
- `nestjs` `NVD NestJS` -> replacements: `OSV NestJS` | reason: OSV NestJS replaces NVD public search for lower-latency machine-readable collection.
- `nextjs` `GitHub Global Advisories` -> replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
- `nuxt` `GitHub Global Advisories` -> replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
- `opencart` `NVD OpenCart` -> replacements: `OpenCart Releases, OSV OpenCart` | reason: OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.
- `openmage` `NVD OpenMage` -> replacements: `OpenMage GitHub Advisories, OSV OpenMage` | reason: OSV OpenMage replaces NVD for machine-readable composer-aligned collection.
- `phpmyadmin` `NVD phpMyAdmin` -> replacements: `phpMyAdmin Security Page, OSV phpMyAdmin` | reason: OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.
- `prestashop` `NVD PrestaShop` -> replacements: `PrestaShop Security Page, GitHub PrestaShop Advisories, OSV PrestaShop` | reason: OSV PrestaShop replaces NVD for machine-readable collection while official and ecosystem advisories remain active.
- `rails` `GitHub Global Advisories` -> replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
- `rails` `NVD Ruby on Rails` -> replacements: `OSV Rails` | reason: OSV Rails replaces NVD public search for lower-latency machine-readable collection.
- `react` `GitHub Global Advisories` -> replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
- `redmine` `NVD Redmine` -> replacements: `Redmine Security Advisories` | reason: Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.
- `saleor` `NVD Saleor` -> replacements: `GitHub Saleor Advisories, OSV Saleor` | reason: OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.
- `shopware` `NVD Shopware` -> replacements: `Shopware Security Advisories, OSV Shopware` | reason: OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.
- `spring-boot` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Boot` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
- `spring-framework` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Framework` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring official page and OSV remain the active replacements.
- `spring-security` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Security` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
- `sveltekit` `GitHub Global Advisories` -> replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
- `symfony` `GitHub Global Advisories` -> replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
- `undici` `GitHub Global Advisories` -> replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
- `undici` `NVD Undici` -> replacements: `OSV Undici` | reason: OSV Undici replaces NVD public search for lower-latency machine-readable collection.
- `vite` `GitHub Global Advisories` -> replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
- `vue` `GitHub Global Advisories` -> replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
- `webpack` `GitHub Global Advisories` -> replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
- `webpack` `NVD webpack` -> replacements: `OSV webpack` | reason: OSV webpack replaces NVD public search for lower-latency machine-readable collection.
- `werkzeug` `GitHub Global Advisories` -> replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
- `woocommerce` `NVD WooCommerce` -> replacements: `Woo Developer Advisories, GitHub WooCommerce Advisories, OSV WooCommerce` | reason: OSV WooCommerce replaces NVD for machine-readable collection while official and ecosystem advisory pages remain active.
- `wordpress` `NVD WordPress` -> replacements: `WordPress Security News RSS, Wordfence Vulnerability Database, WPScan Vulnerability Database` | reason: WordPress official RSS plus ecosystem plugin intelligence cover active collection with lower cold-start latency and lower public-search dependence than NVD.
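
Review bot: every `GitHub Global Advisories` entry in this list is retired for the same stated cause, unauthenticated requests hitting the API quota, which is a collector configuration limit and not a defect in the source. Consider authenticating the GHSA collector and keeping it active, since the records elsewhere in this commit still point at GHSA pages in `official_source_url`. The reason strings also describe that one cause two ways ("quota-limited" and "rate-limited in daily monitoring"); a single reason code would make the list easier to audit.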

File diff is too large to display.

View file

@@ -7,13 +7,14 @@
"title": "Next.js: HTTP request smuggling in rewrites",
"summary": "## Summary\nWhen Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.\n\n## Impact\nAn attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. \n\n## Patches\nThe vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency\u2019s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Block chunked `DELETE`/`OPTIONS` requests on rewritten routes at your edge/proxy.\n- Enforce authentication/authorization on backend routes per our [security guidance](https://nextjs.org/docs/app/guides/data-security).",
"published_at": "2026-03-17T16:17:15Z",
"updated_at": "2026-03-17T16:31:26.646070Z",
"updated_at": "2026-03-18T22:02:16.858114Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-29057",
"https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v15.5.13",

View file

@@ -7,16 +7,16 @@
"title": "Undici has an HTTP Request/Response Smuggling issue",
"summary": "### Impact\n\nUndici allows duplicate HTTP `Content-Length` headers when they are provided in an array with case-variant names (e.g., `Content-Length` and `content-length`). This produces malformed HTTP/1.1 requests with multiple conflicting `Content-Length` values on the wire.\n\n**Who is impacted:**\n - Applications using `undici.request()`, `undici.Client`, or similar low-level APIs with headers passed as flat arrays\n - Applications that accept user-controlled header names without case-normalization\n\n**Potential consequences:**\n - **Denial of Service**: Strict HTTP parsers (proxies, servers) will reject requests with duplicate `Content-Length` headers (400 Bad Request)\n - **HTTP Request Smuggling**: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\n If upgrading is not immediately possible:\n\n 1. **Validate header names**: Ensure no duplicate `Content-Length` headers (case-insensitive) are present before passing headers to undici\n 2. **Use object format**: Pass headers as a plain object (`{ 'content-length': '123' }`) rather than an array, which naturally deduplicates by key\n 3. **Sanitize user input**: If headers originate from user input, normalize header names to lowercase and reject duplicates",
"published_at": "2026-03-13T20:07:03Z",
"updated_at": "2026-03-14T09:19:54.772219Z",
"severity": "medium",
"updated_at": "2026-03-18T22:58:59.626657Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"https://hackerone.com/reports/3556037",
"https://cna.openjsf.org/security-advisories.html",
"https://cwe.mitre.org/data/definitions/444.html",
"https://github.com/nodejs/undici",
"https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
@@ -69,13 +69,11 @@
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici",
"NVD Undici"
"OSV Undici"
],
"source_kinds": [
"osv-batch",
"nvd-search"
"osv-batch"
],
"candidate_count": 2
"candidate_count": 1
}
}
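
Review bot: removing `"NVD Undici"` from `source_names` takes `candidate_count` from 2 to 1, so this record now rests on a single collector with nothing to cross-check it, in the same commit that changes its `severity`. Record in `metadata` which source supplied `severity` and `cvss_score`, so a later reader can tell whether the new value came from OSV or was recomputed locally.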

View file

@@ -7,16 +7,16 @@
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"summary": "## Description\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a \"decompression bomb\") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive.\n\nThe vulnerability exists in the `PerMessageDeflate.decompress()` method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.\n\n## Impact\n\n- Remote denial of service against any Node.js application using undici's WebSocket client\n- A single compressed WebSocket frame of ~6 MB can decompress to ~1 GB or more\n- Memory exhaustion occurs in native/external memory, bypassing V8 heap limits\n- No application-level mitigation is possible as decompression occurs before message delivery\n\n### Patches\n\nUsers should upgrade to fixed versions.\n\n### Workarounds\n\nNo workaround are possible.",
"published_at": "2026-03-13T20:41:56Z",
"updated_at": "2026-03-13T20:54:25.563997Z",
"severity": "high",
"updated_at": "2026-03-18T22:58:59.936049Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"https://hackerone.com/reports/3481206",
"https://cna.openjsf.org/security-advisories.html",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://owasp.org/www-community/attacks/Denial_of_Service"
@@ -69,13 +69,11 @@
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici",
"NVD Undici"
"OSV Undici"
],
"source_kinds": [
"osv-batch",
"nvd-search"
"osv-batch"
],
"candidate_count": 2
"candidate_count": 1
}
}
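
Review bot: `source_names` and `source_kinds` are parallel arrays matched only by position, and this edit has to delete the second element from both to keep them aligned. A list of objects such as `{"name": "OSV Undici", "kind": "osv-batch"}` would make the pairing explicit and let `candidate_count` be derived instead of stored.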

View file

@@ -7,16 +7,16 @@
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"summary": "### Impact\n\nWhen an application passes user-controlled input to the `upgrade` option of `client.request()`, an attacker can inject CRLF sequences (`\\r\\n`) to:\n\n1. Inject arbitrary HTTP headers\n2. Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)\n\nThe vulnerability exists because undici writes the `upgrade` value directly to the socket without validating for invalid header characters:\n\n```javascript\n// lib/dispatcher/client-h1.js:1121\nif (upgrade) {\n header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n}\n```\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nSanitize the `upgrade` option string before passing to undici:\n\n```javascript\nfunction sanitizeUpgrade(value) {\n if (/[\\r\\n]/.test(value)) {\n throw new Error('Invalid upgrade value')\n }\n return value\n}\n\nclient.request({\n upgrade: sanitizeUpgrade(userInput)\n})\n```",
"published_at": "2026-03-13T20:41:26Z",
"updated_at": "2026-03-13T20:54:25.572106Z",
"severity": "medium",
"updated_at": "2026-03-18T22:58:58.996775Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
"https://hackerone.com/reports/3487198",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
@@ -66,13 +66,11 @@
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici",
"NVD Undici"
"OSV Undici"
],
"source_kinds": [
"osv-batch",
"nvd-search"
"osv-batch"
],
"candidate_count": 2
"candidate_count": 1
}
}

View file

@@ -7,16 +7,16 @@
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"summary": "### Impact\nA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. \n\n### Patches\n\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nThere are no workarounds.",
"published_at": "2026-03-13T20:07:26Z",
"updated_at": "2026-03-14T09:17:45.838435Z",
"severity": "high",
"updated_at": "2026-03-18T22:58:59.863318Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"https://hackerone.com/reports/3537648",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
@@ -66,13 +66,11 @@
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici",
"NVD Undici"
"OSV Undici"
],
"source_kinds": [
"osv-batch",
"nvd-search"
"osv-batch"
],
"candidate_count": 2
"candidate_count": 1
}
}

View file

@@ -7,16 +7,16 @@
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"summary": "### Impact\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the `server_max_window_bits` parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range `server_max_window_bits` value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.\n\nThe vulnerability exists because:\n\n1. The `isValidClientWindowBits()` function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15\n2. The `createInflateRaw()` call is not wrapped in a try-catch block\n3. The resulting exception propagates up through the call stack and crashes the Node.js process\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_",
"published_at": "2026-03-13T20:41:41Z",
"updated_at": "2026-03-13T20:54:26.149214Z",
"severity": "high",
"updated_at": "2026-03-18T22:58:58.908047Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"https://hackerone.com/reports/3487486",
"https://cna.openjsf.org/security-advisories.html",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://nodejs.org/api/zlib.html#class-zlibinflateraw"
@@ -69,13 +69,11 @@
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici",
"NVD Undici"
"OSV Undici"
],
"source_kinds": [
"osv-batch",
"nvd-search"
"osv-batch"
],
"candidate_count": 2
"candidate_count": 1
}
}

View file

@@ -7,16 +7,16 @@
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"summary": "## Impact\nThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when `interceptors.deduplicate()` is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\n## Patches\n\nThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\n\n## Workarounds\nIf upgrading immediately is not possible:\n\n- Disable `interceptors.deduplicate()` for affected clients/routes.\n- Use `skipHeaderNames` with a marker header to force high-risk requests to bypass deduplication.\n- Avoid concurrent identical requests to untrusted endpoints that may return very large/chunked bodies.\n- Apply upstream/proxy response-size and timeout limits.",
"published_at": "2026-03-13T20:37:58Z",
"updated_at": "2026-03-13T20:54:25.417862Z",
"severity": "medium",
"updated_at": "2026-03-18T23:58:57.714731Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
"secondary_source_urls": [
"https://cna.openjsf.org/security-advisories.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
"https://hackerone.com/reports/3513473",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
@@ -64,13 +64,11 @@
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici",
"NVD Undici"
"OSV Undici"
],
"source_kinds": [
"osv-batch",
"nvd-search"
"osv-batch"
],
"candidate_count": 2
"candidate_count": 1
}
}
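
Review bot: `source_names` no longer lists `"NVD Undici"`, yet `secondary_source_urls` earlier in this record still carries `https://nvd.nist.gov/vuln/detail/CVE-2026-2581`, so the metadata and the URL list now disagree about whether NVD contributed. Either keep a retired-source entry in `metadata` for history or document that `secondary_source_urls` is independent of the collectors.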

File diff is too large to display.

Some files are not shown because too many files changed in this diff.