{ "generated_at": "2026-03-18T03:59:28+00:00", "advisory_count": 89, "run_count": 114, "statuses": { "verified-real": 67, "triage-manual": 22 }, "run_statuses": { "verified-real": 110, "blocked-artifact": 3, "triage-manual": 1 }, "recent_failures": [ { "run_id": "", "advisory_id": "undici--CVE-2026-1525", "status": "triage-manual", "title": "Undici has an HTTP Request/Response Smuggling issue", "blocked_reason": null }, { "run_id": "", "advisory_id": "undici--CVE-2026-1528", "status": "triage-manual", "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", "blocked_reason": null }, { "run_id": "", "advisory_id": "undici--CVE-2022-32210", "status": "triage-manual", "title": "ProxyAgent vulnerable to MITM", "blocked_reason": null }, { "run_id": "", "advisory_id": "undici--CVE-2026-2229", "status": "triage-manual", "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", "blocked_reason": null }, { "run_id": "", "advisory_id": "undici--CVE-2026-1527", "status": "triage-manual", "title": "Undici has CRLF Injection in undici via `upgrade` option", "blocked_reason": null }, { "run_id": "", "advisory_id": "undici--CVE-2026-1526", "status": "triage-manual", "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", "blocked_reason": null }, { "run_id": "", "advisory_id": "undici--CVE-2026-2581", "status": "triage-manual", "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS", "blocked_reason": null }, { "run_id": "", "advisory_id": "undici--CVE-2025-47279", "status": "triage-manual", "title": "undici Denial of Service attack via bad certificate data", "blocked_reason": null }, { "run_id": "", "advisory_id": "vite--CVE-2025-31125", "status": "triage-manual", "title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query", "blocked_reason": null }, { "run_id": "", "advisory_id": "vite--CVE-2025-58752", "status": "triage-manual", "title": "Vite's `server.fs` settings were not applied to HTML files", "blocked_reason": null }, { "run_id": "", "advisory_id": "vite--CVE-2025-58751", "status": "triage-manual", "title": "Vite middleware may serve files starting with the same name with the public directory", "blocked_reason": null }, { "run_id": "", "advisory_id": "vite--CVE-2025-62522", "status": "triage-manual", "title": "vite allows server.fs.deny bypass via backslash on Windows", "blocked_reason": null }, { "run_id": "", "advisory_id": "vite--CVE-2025-32395", "status": "triage-manual", "title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`", "blocked_reason": null }, { "run_id": "", "advisory_id": "vite--CVE-2024-45811", "status": "triage-manual", "title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`", "blocked_reason": null }, { "run_id": "", "advisory_id": "vite--CVE-2025-31486", "status": "triage-manual", "title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths", "blocked_reason": null }, { "run_id": "", "advisory_id": "vite--CVE-2025-46565", "status": "triage-manual", "title": "Vite's server.fs.deny bypassed with /. for files under project root", "blocked_reason": null }, { "run_id": "", "advisory_id": "vite--CVE-2025-30208", "status": "triage-manual", "title": "Vite bypasses server.fs.deny when using ?raw??", "blocked_reason": null }, { "run_id": "", "advisory_id": "undici--CVE-2026-22036", "status": "triage-manual", "title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion", "blocked_reason": null }, { "run_id": "", "advisory_id": "undici--CVE-2023-45143", "status": "triage-manual", "title": "Undici's cookie header not cleared on cross-origin redirect in fetch", "blocked_reason": null }, { "run_id": "", "advisory_id": "undici--CVE-2025-22150", "status": "triage-manual", "title": "Use of Insufficiently Random Values in undici", "blocked_reason": null } ], "systems": [ { "system_id": "gitea", "display_name": "Gitea", "total": 37, "verified_real": 37, "verified_synthetic": 0, "blocked": 0, "manual": 0, "browser_required": 5, "browser_present": 33, "latest_update": "2026-03-03T04:57:57.697708Z", "category": "platforms", "tier": "rolling-24m", "output_dir": "07-framework-security/platforms/gitea", "families": [ { "family": "authz-bypass", "total": 3, "verified_real": 3, "manual": 0 }, { "family": "file-upload", "total": 2, "verified_real": 2, "manual": 0 }, { "family": "proxy-boundary", "total": 26, "verified_real": 26, "manual": 0 }, { "family": "ssrf", "total": 1, "verified_real": 1, "manual": 0 }, { "family": "xss", "total": 5, "verified_real": 5, "manual": 0 } ] }, { "system_id": "nextjs", "display_name": "Next.js", "total": 26, "verified_real": 26, "verified_synthetic": 0, "blocked": 0, "manual": 0, "browser_required": 2, "browser_present": 21, "latest_update": "2026-03-13T22:14:13.665535Z", "category": "frameworks", "tier": "history-full", "output_dir": "07-framework-security/frameworks/nextjs", "families": [ { "family": "authz-bypass", "total": 2, "verified_real": 2, "manual": 0 }, { "family": "deserialization", "total": 1, "verified_real": 1, "manual": 0 }, { "family": "proxy-boundary", "total": 19, "verified_real": 19, "manual": 0 }, { "family": "ssrf", "total": 2, "verified_real": 2, "manual": 0 }, { "family": "xss", "total": 2, "verified_real": 2, "manual": 0 } ] }, { "system_id": "undici", "display_name": "Undici", "total": 14, "verified_real": 1, "verified_synthetic": 0, "blocked": 0, "manual": 13, "browser_required": 0, "browser_present": 0, "latest_update": "2026-03-14T09:19:54.772219Z", "category": "frameworks", "tier": "rolling-24m", "output_dir": "07-framework-security/frameworks/undici", "families": [ { "family": "ssrf", "total": 14, "verified_real": 1, "manual": 13 } ] }, { "system_id": "vite", "display_name": "Vite", "total": 12, "verified_real": 3, "verified_synthetic": 0, "blocked": 0, "manual": 9, "browser_required": 3, "browser_present": 3, "latest_update": "2026-02-04T04:37:24.129476Z", "category": "frameworks", "tier": "history-full", "output_dir": "07-framework-security/frameworks/vite", "families": [ { "family": "file-upload", "total": 9, "verified_real": 0, "manual": 9 }, { "family": "proxy-boundary", "total": 2, "verified_real": 2, "manual": 0 }, { "family": "xss", "total": 1, "verified_real": 1, "manual": 0 } ] } ], "completeness": { "advisory_total": 89, "verified_real": 67, "verified_synthetic": 0, "blocked": 0, "manual": 22, "verified_ratio": 75.3, "complete": false } }