当前架构库镜像
{
"generated_at": "2026-03-17T12:44:25+00:00",
"title": "当前架构库",
"summary": "工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。",
"sections": [
{
"title": "仓库定位与当前状态",
"summary": "授权攻防实验与研究知识库;仅适用于自有资产、本地靶场和明确授权目标。",
"open": true,
"badges": [
"LAB ONLY",
"AUTHORIZED TARGETS ONLY",
"非生产安全基线"
],
"stats": [
{
"label": "纳管系统",
"value": "62"
},
{
"label": "历史全量系统",
"value": "18"
},
{
"label": "近两年全量系统",
"value": "44"
},
{
"label": "当前运行",
"value": "3"
},
{
"label": "当前漏洞条目",
"value": "89"
}
],
"fields": [
{
"label": "仓库根目录",
"value": "/Users/x/websafe"
},
{
"label": "默认本地地址",
"value": "http://127.0.0.1:8734/"
},
{
"label": "自动刷新周期",
"value": "5 秒"
},
{
"label": "生成时间",
"value": "2026-03-17T12:44:25+00:00"
}
],
"links": [
{
"label": "总览首页",
"href": "/overview/index.html",
"description": "工作台总览、最新运行和全局摘要。"
},
{
"label": "运行中心",
"href": "/runs/index.html",
"description": "运行队列、详情、证据和日志入口。"
},
{
"label": "系统分组",
"href": "/systems/index.html",
"description": "按系统和分类浏览覆盖情况。"
},
{
"label": "架构库",
"href": "/architecture/index.html",
"description": "查看控制面、数据层和授权边界。"
}
]
},
{
"title": "授权边界与目标模型",
"summary": "所有实验都绑定到本地、自建公网或明确授权目标,不面向无关第三方资产。",
"open": true,
"stats": [
{
"label": "允许目标类型",
"value": "3"
},
{
"label": "禁止类型",
"value": "1"
}
],
"fields": [
{
"label": "允许目标",
"value": "lab-local\nlab-public\nauthorized-third-party"
},
{
"label": "禁止目标",
"value": "out-of-scope\n无归属证明目标\n公共知名站点\n泛互联网枚举"
},
{
"label": "全局原则",
"value": "任何公网验证前先确认资产归属或授权关系。\n优先只读探测、最小化回显验证和低频实验。\n涉及账户、令牌、敏感数据和业务写入时采用最小必要动作。\n不做泛互联网枚举,不对无关公共站点复用同类测试。"
}
],
"links": [
{
"label": "授权模型镜像",
"href": "./docs/authorization-model.html",
"description": "目标分类、原则与记录要求。"
},
{
"label": "仓库入口镜像",
"href": "./docs/root-readme.html",
"description": "仓库定位、能力矩阵与自动化入口。"
}
]
},
{
"title": "控制面与自动化入口",
"summary": "Intel 控制面负责情报入库;Lab 控制面负责本地部署、攻击验证、证据收集和看板生成。",
"open": true,
"items": [
{
"title": "情报控制面(Intel)",
"summary": "负责 source adapter、规范化、渲染、校验和 PR 流程。",
"open": false,
"fields": [
{
"label": "CLI 入口",
"value": "python3 /Users/x/websafe/scripts/intel/main.py"
},
{
"label": "主要命令",
"value": "render\nvalidate\nhotlane\ningest --since last-success\nreconcile\nbackfill --tier history-full --dry-run\nopen-pr --dry-run"
},
{
"label": "定时入口",
"value": "scripts/intel/run-hourly.sh\nscripts/intel/run-nightly.sh\nscripts/intel/run-weekly-reconcile.sh"
}
]
},
{
"title": "实证控制面(Lab)",
"summary": "负责 catalog、compose、seed、baseline、attack、browser、evidence、render 和 queue。",
"open": false,
"fields": [
{
"label": "CLI 入口",
"value": "python3 /Users/x/websafe/scripts/lab/main.py"
},
{
"label": "主要命令",
"value": "catalog sync\nvalidate\nrun-case\nrun-system\nrun-batch\nrender-run\nserve-dashboard --port 8734\ncleanup\nretry-failures"
},
{
"label": "关键模块",
"value": "catalog/\nprovision/\ncompose/\nseed/\nbaseline/\nattack/\nbrowser/\nevidence/\nrender/\nqueue/"
}
]
}
]
},
{
"title": "数据层与本地地址",
"summary": "Registry、生成层、run bundle 与 docs 镜像共同构成工作台的本地数据面。",
"open": true,
"items": [
{
"title": "真值层",
"summary": "统一的 registry 与 repro/source 配置。",
"open": false,
"fields": [
{
"label": "漏洞条目 Registry",
"value": "08-threat-intel/registry/advisories/*.json"
},
{
"label": "系统 Registry",
"value": "08-threat-intel/registry/systems/*.json"
},
{
"label": "运行 Registry",
"value": "08-threat-intel/registry/runs/*.json"
},
{
"label": "source-map 真值",
"value": "08-threat-intel/source-map.yaml"
},
{
"label": "repro-map 真值",
"value": "08-threat-intel/repro-map.yaml"
}
]
},
{
"title": "生成层与展示层",
"summary": "dashboard JSON、run report、docs 镜像与本地静态 UI。",
"open": false,
"links": [
{
"label": "总览首页",
"href": "/overview/index.html",
"description": "工作台总览、最新运行和全局摘要。"
},
{
"label": "运行中心",
"href": "/runs/index.html",
"description": "运行队列、详情、证据和日志入口。"
},
{
"label": "系统分组",
"href": "/systems/index.html",
"description": "按系统和分类浏览覆盖情况。"
},
{
"label": "架构库",
"href": "/architecture/index.html",
"description": "查看控制面、数据层和授权边界。"
},
{
"label": "文档中心",
"href": "/docs/index.html",
"description": "集中查看项目文档、本地镜像和说明。"
},
{
"label": "数据中心",
"href": "/data/index.html",
"description": "查看 summary、runs、systems 等 JSON 入口。"
},
{
"label": "旧版工作台",
"href": "/legacy/index.html",
"description": "保留的 legacy 回退入口。"
},
{
"label": "项目功能文档",
"href": "/docs/project-features.html",
"description": "项目能力、目录结构与自动化链路总览。"
},
{
"label": "前端设计文档",
"href": "/docs/frontend-dashboard-design.html",
"description": "当前本地工作台的交互与视觉规范。"
},
{
"label": "安全编码索引",
"href": "/docs/secure-code-index.html",
"description": "secure-code 修复库本地镜像。"
},
{
"label": "仓库入口镜像",
"href": "/docs/root-readme.html",
"description": "仓库根 README 的本地镜像。"
},
{
"label": "授权模型",
"href": "/docs/authorization-model.html",
"description": "允许目标范围、全局原则与记录要求。"
},
{
"label": "source-map 真值",
"href": "/docs/source-map.html",
"description": "系统覆盖、来源和输出目录真值。"
},
{
"label": "repro-map 真值",
"href": "/docs/repro-map.html",
"description": "复现族路由、浏览器要求和日志策略。"
},
{
"label": "覆盖矩阵",
"href": "/docs/coverage-matrix.html",
"description": "自动生成覆盖摘要的本地镜像。"
},
{
"label": "设计来源清单",
"href": "/docs/design-source.html",
"description": "Lovart 模板本地 vendor manifest。"
},
{
"label": "架构库镜像",
"href": "/docs/architecture-library.html",
"description": "当前架构库的结构化镜像页。"
},
{
"label": "summary.json",
"href": "/summary.json",
"description": "全局摘要、状态分布和最近失败。"
},
{
"label": "runs.json",
"href": "/runs.json",
"description": "最近 run 的结构化详情。"
},
{
"label": "systems.json",
"href": "/systems.json",
"description": "系统级覆盖与浏览器证据摘要。"
},
{
"label": "advisories.json",
"href": "/advisories.json",
"description": "漏洞条目元数据与来源。"
},
{
"label": "profiles.json",
"href": "/profiles.json",
"description": "复现档案元数据。"
},
{
"label": "architecture.json",
"href": "/architecture.json",
"description": "当前架构库结构化 JSON。"
}
],
"fields": [
{
"label": "工作台根目录",
"value": "08-threat-intel/generated/dashboard/"
},
{
"label": "运行归档根目录",
"value": "06-case-studies/generated-runs/<run-id>/"
},
{
"label": "默认入口",
"value": "/index.html"
},
{
"label": "总览入口",
"value": "/overview/index.html"
},
{
"label": "运行入口",
"value": "/runs/index.html"
},
{
"label": "系统入口",
"value": "/systems/index.html"
},
{
"label": "架构入口",
"value": "/architecture/index.html"
},
{
"label": "文档入口",
"value": "/docs/index.html"
},
{
"label": "数据入口",
"value": "/data/index.html"
},
{
"label": "旧版入口",
"value": "/legacy/index.html"
}
]
}
]
},
{
"title": "系统覆盖分组",
"summary": "基于 source-map 和 repro-map 生成的当前分组视图,可展开查看每个系统的来源、输出目录和复现默认值。",
"open": true,
"items": [
{
"title": "CMS / 内容平台",
"summary": "9 个系统 · 历史全量 3 · 近两年全量 6",
"open": false,
"stats": [
{
"label": "系统数",
"value": "9"
},
{
"label": "历史全量",
"value": "3"
},
{
"label": "近两年全量",
"value": "6"
}
],
"items": [
{
"title": "Directus (directus)",
"summary": "近两年全量 · core, extension",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/cms/directus"
},
{
"label": "Advisory 模式",
"value": "core\nextension"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\ntoken-cookie-storage\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "directus"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Directus GitHub Advisories\nOSV Directus"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "file-upload-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Discourse (discourse)",
"summary": "近两年全量 · core, plugin",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/cms/discourse"
},
{
"label": "Advisory 模式",
"value": "core\nplugin"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nxss-output-encoding\nplugin-extension-trust-policy"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "discourse"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Discourse Meta Security\nGitHub Discourse Advisories"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Drupal (drupal)",
"summary": "历史全量 · core, module",
"open": false,
"badges": [
"历史全量",
"官方源 2",
"生态源 1",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/cms/drupal"
},
{
"label": "Advisory 模式",
"value": "core\nmodule"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nxss-output-encoding\nfile-upload-validation\nplugin-extension-trust-policy"
},
{
"label": "CPE 关键字",
"value": "drupal:drupal"
},
{
"label": "GHSA 关键字",
"value": "drupal\ndrupal core"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Drupal Security Advisories RSS\nNVD Drupal"
},
{
"label": "生态来源",
"value": "Drupal Security Advisories Site"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "official-image\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Ghost (ghost)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/cms/ghost"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nxss-output-encoding\ntoken-cookie-storage"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "ghost"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Ghost GitHub Advisories\nNVD Ghost"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Joomla (joomla)",
"summary": "历史全量 · core, extension",
"open": false,
"badges": [
"历史全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/cms/joomla"
},
{
"label": "Advisory 模式",
"value": "core\nextension"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\nfile-upload-validation\npath-traversal-guard\nplugin-extension-trust-policy"
},
{
"label": "CPE 关键字",
"value": "joomla:joomla!"
},
{
"label": "GHSA 关键字",
"value": "joomla"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Joomla Security Centre\nNVD Joomla"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "official-image\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "MediaWiki (mediawiki)",
"summary": "近两年全量 · core, extension",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/cms/mediawiki"
},
{
"label": "Advisory 模式",
"value": "core\nextension"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\nauthz-server-side-recheck\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "mediawiki:mediawiki"
},
{
"label": "GHSA 关键字",
"value": "mediawiki"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "MediaWiki Security Releases\nNVD MediaWiki"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Moodle (moodle)",
"summary": "近两年全量 · core, plugin",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/cms/moodle"
},
{
"label": "Advisory 模式",
"value": "core\nplugin"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nxss-output-encoding\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "moodle:moodle"
},
{
"label": "GHSA 关键字",
"value": "moodle"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Moodle Security News\nNVD Moodle"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Strapi (strapi)",
"summary": "近两年全量 · core, plugin",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/cms/strapi"
},
{
"label": "Advisory 模式",
"value": "core\nplugin"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\ntoken-cookie-storage\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "strapi"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Strapi GitHub Advisories\nOSV Strapi"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "file-upload-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "WordPress (wordpress)",
"summary": "历史全量 · core, plugin",
"open": false,
"badges": [
"历史全量",
"官方源 2",
"生态源 3",
"研究源 1"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/cms/wordpress"
},
{
"label": "Advisory 模式",
"value": "core\nplugin"
},
{
"label": "Secure-Code 主题",
"value": "plugin-extension-trust-policy\nxss-output-encoding\nfile-upload-validation\ntoken-cookie-storage"
},
{
"label": "CPE 关键字",
"value": "wordpress:wordpress"
},
{
"label": "GHSA 关键字",
"value": "wordpress\nwp-admin\nwp-includes"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "WordPress Security News\nNVD WordPress"
},
{
"label": "生态来源",
"value": "Wordfence Vulnerability Database\nPatchstack Database\nWPScan Vulnerability Database"
},
{
"label": "研究来源",
"value": "PortSwigger Research"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "official-image\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
}
]
},
{
"title": "Web 框架与运行时",
"summary": "29 个系统 · 历史全量 6 · 近两年全量 23",
"open": false,
"stats": [
{
"label": "系统数",
"value": "29"
},
{
"label": "历史全量",
"value": "6"
},
{
"label": "近两年全量",
"value": "23"
}
],
"items": [
{
"title": "ASP.NET Core (aspnet-core)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 1",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/aspnet-core"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nxss-output-encoding\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "microsoft:asp.net_core"
},
{
"label": "GHSA 关键字",
"value": "asp.net core"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "NVD ASP.NET Core"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Angular (angular)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/angular"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\ntemplate-injection-guard\ncsp-trusted-types"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "angular"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV Angular"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Astro (astro)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/astro"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\ncsp-trusted-types"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "astro"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV Astro"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "authz-bypass-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Django (django)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/django"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\npath-traversal-guard\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "djangoproject:django"
},
{
"label": "GHSA 关键字",
"value": "django"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Django Security RSS\nOSV Django"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Echo (echo)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 1",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/echo"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "proxy-trust-boundary\ntoken-cookie-storage"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "echo"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "OSV Echo"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Express (express)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/express"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\nssrf-url-validation\nproxy-trust-boundary"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "express"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV Express"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Fastify (fastify)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/fastify"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "proxy-trust-boundary\nssrf-url-validation\nxss-output-encoding"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "fastify"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV Fastify"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Flask (flask)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/flask"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\nssrf-url-validation\ntoken-cookie-storage"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "flask"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "OSV Flask\nGitHub Global Advisories"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Gin (gin)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 1",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/gin"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "proxy-trust-boundary\nxss-output-encoding"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "gin"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "OSV Gin"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Hapi (hapi)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/hapi"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "proxy-trust-boundary\ntoken-cookie-storage"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "hapi"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV Hapi"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Koa (koa)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/koa"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "proxy-trust-boundary\nssrf-url-validation"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "koa"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV Koa"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Laravel (laravel)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/laravel"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\nauthz-server-side-recheck\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "laravel"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV Laravel"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "NestJS (nestjs)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/nestjs"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\ntoken-cookie-storage\nssrf-url-validation"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "nestjs"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV NestJS"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "ssrf-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Next.js (nextjs)",
"summary": "历史全量 · core",
"open": false,
"badges": [
"历史全量",
"官方源 3",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/nextjs"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nproxy-trust-boundary\ntoken-cookie-storage"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "next.js\nnext"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Next.js Advisories\nGitHub Global Advisories\nOSV Next.js"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "official-source\nsynthetic\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Node.js (nodejs)",
"summary": "历史全量 · core",
"open": false,
"badges": [
"历史全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/nodejs"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "ssrf-url-validation\nrequest-smuggling-boundary\ndependency-upgrade-policy"
},
{
"label": "CPE 关键字",
"value": "nodejs:node.js"
},
{
"label": "GHSA 关键字",
"value": "nodejs\nnode.js"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Node.js Security Releases\nCISA KEV Node.js"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "ssrf-generic"
},
{
"label": "浏览器默认要求",
"value": "否"
},
{
"label": "优先制品模式",
"value": "official-source\nsynthetic\nsynthetic"
},
{
"label": "种子策略",
"value": "minimal-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Nuxt (nuxt)",
"summary": "历史全量 · core",
"open": false,
"badges": [
"历史全量",
"官方源 3",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/nuxt"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nproxy-trust-boundary\ntoken-cookie-storage"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "nuxt"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Nuxt Security\nGitHub Global Advisories\nOSV Nuxt"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "official-source\nsynthetic\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "React (react)",
"summary": "历史全量 · core",
"open": false,
"badges": [
"历史全量",
"官方源 3",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/react"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\ndom-sink-hardening\ncsp-trusted-types"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "react\nreact-dom"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub React Advisories\nGitHub Global Advisories\nOSV React"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Ruby on Rails (rails)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/rails"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\nfile-upload-validation\nauthz-server-side-recheck"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "rails"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV Rails"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Spring Boot (spring-boot)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/spring-boot"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "proxy-trust-boundary\nauthz-server-side-recheck"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "spring boot"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Spring Security Advisories\nGitHub Global Advisories"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Spring Framework (spring-framework)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/spring-framework"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\npath-traversal-guard\ndeserialization-safety"
},
{
"label": "CPE 关键字",
"value": "vmware:spring_framework"
},
{
"label": "GHSA 关键字",
"value": "spring framework"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Spring Security Advisories\nGitHub Global Advisories"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "deserialization-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Spring Security (spring-security)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/spring-security"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\ntoken-cookie-storage\nproxy-trust-boundary"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "spring security"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Spring Security Advisories\nGitHub Global Advisories"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "SvelteKit (sveltekit)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/sveltekit"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\ntoken-cookie-storage"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "sveltekit\nsvelte"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV SvelteKit"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "session-token-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Symfony (symfony)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/symfony"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\nauthz-server-side-recheck\npath-traversal-guard"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "symfony"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV Symfony"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Undici (undici)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/undici"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "ssrf-url-validation\nproxy-trust-boundary"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "undici"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV Undici"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Vite (vite)",
"summary": "历史全量 · core, plugin",
"open": false,
"badges": [
"历史全量",
"官方源 3",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/vite"
},
{
"label": "Advisory 模式",
"value": "core\nplugin"
},
{
"label": "Secure-Code 主题",
"value": "dependency-upgrade-policy\nfile-upload-validation\nproxy-trust-boundary"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "vite"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Vite Security\nGitHub Global Advisories\nOSV Vite"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "official-source\nsynthetic\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Vue (vue)",
"summary": "历史全量 · core",
"open": false,
"badges": [
"历史全量",
"官方源 3",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/vue"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\ntemplate-injection-guard\ncsp-trusted-types"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "vue\nvue compiler"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Vue Security\nGitHub Global Advisories\nOSV Vue"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "official-source\nsynthetic\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Werkzeug (werkzeug)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/werkzeug"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "proxy-trust-boundary\nrequest-smuggling-boundary"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "werkzeug"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "OSV Werkzeug\nGitHub Global Advisories"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "esbuild (esbuild)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/esbuild"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "dependency-upgrade-policy\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "esbuild"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV esbuild"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "file-upload-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "webpack (webpack)",
"summary": "近两年全量 · core, plugin",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/frameworks/webpack"
},
{
"label": "Advisory 模式",
"value": "core\nplugin"
},
{
"label": "Secure-Code 主题",
"value": "dependency-upgrade-policy\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "webpack"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Global Advisories\nOSV webpack"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "file-upload-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
}
]
},
{
"title": "开源平台与后台系统",
"summary": "9 个系统 · 历史全量 0 · 近两年全量 9",
"open": false,
"stats": [
{
"label": "系统数",
"value": "9"
},
{
"label": "历史全量",
"value": "0"
},
{
"label": "近两年全量",
"value": "9"
}
],
"items": [
{
"title": "Adminer (adminer)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 1",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/platforms/adminer"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\nauthz-server-side-recheck"
},
{
"label": "CPE 关键字",
"value": "adminer:adminer"
},
{
"label": "GHSA 关键字",
"value": "adminer"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "NVD Adminer"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "GitLab CE (gitlab-ce)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 1",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/platforms/gitlab-ce"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\ntoken-cookie-storage\ndeserialization-safety"
},
{
"label": "CPE 关键字",
"value": "gitlab:gitlab"
},
{
"label": "GHSA 关键字",
"value": "gitlab"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitLab Security Releases\nNVD GitLab"
},
{
"label": "生态来源",
"value": "GitLab Advisory Database"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "deserialization-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Gitea (gitea)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/platforms/gitea"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\ntoken-cookie-storage\nproxy-trust-boundary"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "gitea"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Gitea Advisories\nOSV Gitea"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "official-image\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Grafana (grafana)",
"summary": "近两年全量 · core, plugin",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/platforms/grafana"
},
{
"label": "Advisory 模式",
"value": "core\nplugin"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nplugin-extension-trust-policy\nxss-output-encoding"
},
{
"label": "CPE 关键字",
"value": "grafana:grafana"
},
{
"label": "GHSA 关键字",
"value": "grafana"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Grafana Security Advisories\nCISA KEV Grafana"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Jenkins (jenkins)",
"summary": "近两年全量 · core, plugin",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/platforms/jenkins"
},
{
"label": "Advisory 模式",
"value": "core\nplugin"
},
{
"label": "Secure-Code 主题",
"value": "plugin-extension-trust-policy\nauthz-server-side-recheck\ndeserialization-safety"
},
{
"label": "CPE 关键字",
"value": "jenkins:jenkins"
},
{
"label": "GHSA 关键字",
"value": "jenkins"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Jenkins Security Advisories\nNVD Jenkins"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "deserialization-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Kibana (kibana)",
"summary": "近两年全量 · core, plugin",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/platforms/kibana"
},
{
"label": "Advisory 模式",
"value": "core\nplugin"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nxss-output-encoding\nproxy-trust-boundary"
},
{
"label": "CPE 关键字",
"value": "elastic:kibana"
},
{
"label": "GHSA 关键字",
"value": "kibana"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Elastic Security Announcements\nNVD Kibana"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Mattermost (mattermost)",
"summary": "近两年全量 · core, plugin",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/platforms/mattermost"
},
{
"label": "Advisory 模式",
"value": "core\nplugin"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nxss-output-encoding\ntoken-cookie-storage"
},
{
"label": "CPE 关键字",
"value": "mattermost:mattermost"
},
{
"label": "GHSA 关键字",
"value": "mattermost"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Mattermost Security Updates\nNVD Mattermost"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Redmine (redmine)",
"summary": "近两年全量 · core, plugin",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/platforms/redmine"
},
{
"label": "Advisory 模式",
"value": "core\nplugin"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nxss-output-encoding\nplugin-extension-trust-policy"
},
{
"label": "CPE 关键字",
"value": "redmine:redmine"
},
{
"label": "GHSA 关键字",
"value": "redmine"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Redmine Security Advisories\nNVD Redmine"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "phpMyAdmin (phpmyadmin)",
"summary": "近两年全量 · core",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/platforms/phpmyadmin"
},
{
"label": "Advisory 模式",
"value": "core"
},
{
"label": "Secure-Code 主题",
"value": "xss-output-encoding\nauthz-server-side-recheck\npath-traversal-guard"
},
{
"label": "CPE 关键字",
"value": "phpmyadmin:phpmyadmin"
},
{
"label": "GHSA 关键字",
"value": "phpmyadmin"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "phpMyAdmin Security Page\nNVD phpMyAdmin"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
}
]
},
{
"title": "服务器与边界层",
"summary": "6 个系统 · 历史全量 3 · 近两年全量 3",
"open": false,
"stats": [
{
"label": "系统数",
"value": "6"
},
{
"label": "历史全量",
"value": "3"
},
{
"label": "近两年全量",
"value": "3"
}
],
"items": [
{
"title": "Apache HTTP Server (apache-httpd)",
"summary": "历史全量 · server",
"open": false,
"badges": [
"历史全量",
"官方源 3",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/servers/apache-httpd"
},
{
"label": "Advisory 模式",
"value": "server"
},
{
"label": "Secure-Code 主题",
"value": "request-smuggling-boundary\nproxy-trust-boundary\npath-traversal-guard"
},
{
"label": "CPE 关键字",
"value": "apache:http_server"
},
{
"label": "GHSA 关键字",
"value": "apache http server\nhttpd"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Apache HTTPD Security\nCISA KEV Apache HTTPD\nNVD Apache HTTP Server"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "否"
},
{
"label": "优先制品模式",
"value": "official-image\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "minimal-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Apache Tomcat (apache-tomcat)",
"summary": "历史全量 · server",
"open": false,
"badges": [
"历史全量",
"官方源 3",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/servers/apache-tomcat"
},
{
"label": "Advisory 模式",
"value": "server"
},
{
"label": "Secure-Code 主题",
"value": "request-smuggling-boundary\nauthz-server-side-recheck\npath-traversal-guard"
},
{
"label": "CPE 关键字",
"value": "apache:tomcat"
},
{
"label": "GHSA 关键字",
"value": "tomcat"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Apache Tomcat Security\nCISA KEV Tomcat\nNVD Tomcat"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "authz-bypass-generic"
},
{
"label": "浏览器默认要求",
"value": "否"
},
{
"label": "优先制品模式",
"value": "official-image\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "minimal-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Caddy (caddy)",
"summary": "近两年全量 · server",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/servers/caddy"
},
{
"label": "Advisory 模式",
"value": "server"
},
{
"label": "Secure-Code 主题",
"value": "proxy-trust-boundary\nrequest-smuggling-boundary"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "caddy"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Caddy Advisories\nOSV Caddy"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "否"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "minimal-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "HAProxy (haproxy)",
"summary": "近两年全量 · server",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/servers/haproxy"
},
{
"label": "Advisory 模式",
"value": "server"
},
{
"label": "Secure-Code 主题",
"value": "proxy-trust-boundary\nrequest-smuggling-boundary"
},
{
"label": "CPE 关键字",
"value": "haproxy:haproxy"
},
{
"label": "GHSA 关键字",
"value": "haproxy"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "HAProxy Security Advisories\nNVD HAProxy"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "否"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "minimal-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Nginx (nginx)",
"summary": "历史全量 · server",
"open": false,
"badges": [
"历史全量",
"官方源 3",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/servers/nginx"
},
{
"label": "Advisory 模式",
"value": "server"
},
{
"label": "Secure-Code 主题",
"value": "proxy-trust-boundary\nrequest-smuggling-boundary\ncsp-trusted-types"
},
{
"label": "CPE 关键字",
"value": "f5:nginx\nnginx:nginx"
},
{
"label": "GHSA 关键字",
"value": "nginx"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "NGINX Security Advisories\nNVD NGINX\nCISA KEV NGINX"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "否"
},
{
"label": "优先制品模式",
"value": "official-image\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "minimal-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Traefik (traefik)",
"summary": "近两年全量 · server",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/servers/traefik"
},
{
"label": "Advisory 模式",
"value": "server"
},
{
"label": "Secure-Code 主题",
"value": "proxy-trust-boundary\nrequest-smuggling-boundary"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "traefik"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Traefik Advisories\nOSV Traefik"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "proxy-boundary-generic"
},
{
"label": "浏览器默认要求",
"value": "否"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "minimal-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
}
]
},
{
"title": "电商系统",
"summary": "9 个系统 · 历史全量 6 · 近两年全量 3",
"open": false,
"stats": [
{
"label": "系统数",
"value": "9"
},
{
"label": "历史全量",
"value": "6"
},
{
"label": "近两年全量",
"value": "3"
}
],
"items": [
{
"title": "Adobe Commerce (adobe-commerce)",
"summary": "历史全量 · core, extension",
"open": false,
"badges": [
"历史全量",
"官方源 2",
"生态源 1",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/ecommerce/adobe-commerce"
},
{
"label": "Advisory 模式",
"value": "core\nextension"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nfile-upload-validation\nxss-output-encoding\nplugin-extension-trust-policy"
},
{
"label": "CPE 关键字",
"value": "adobe:commerce\nmagento:magento"
},
{
"label": "GHSA 关键字",
"value": "magento\nadobe commerce"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Adobe Security Bulletins\nNVD Adobe Commerce"
},
{
"label": "生态来源",
"value": "Sansec Research"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Magento Open Source (magento-open-source)",
"summary": "历史全量 · core, extension",
"open": false,
"badges": [
"历史全量",
"官方源 2",
"生态源 1",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/ecommerce/magento-open-source"
},
{
"label": "Advisory 模式",
"value": "core\nextension"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nfile-upload-validation\nplugin-extension-trust-policy"
},
{
"label": "CPE 关键字",
"value": "magento:magento"
},
{
"label": "GHSA 关键字",
"value": "magento"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Magento GitHub Advisories\nNVD Magento"
},
{
"label": "生态来源",
"value": "Sansec Research"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "file-upload-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Medusa (medusa)",
"summary": "近两年全量 · core, extension",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/ecommerce/medusa"
},
{
"label": "Advisory 模式",
"value": "core\nextension"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\ntoken-cookie-storage"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "medusa"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Medusa Advisories\nOSV Medusa"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "session-token-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "OpenCart (opencart)",
"summary": "历史全量 · core, extension",
"open": false,
"badges": [
"历史全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/ecommerce/opencart"
},
{
"label": "Advisory 模式",
"value": "core\nextension"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nplugin-extension-trust-policy\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "opencart:opencart"
},
{
"label": "GHSA 关键字",
"value": "opencart"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "OpenCart Releases\nNVD OpenCart"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "file-upload-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "official-image\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "OpenMage / Mage-OS (openmage)",
"summary": "近两年全量 · core, extension",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/ecommerce/openmage"
},
{
"label": "Advisory 模式",
"value": "core\nextension"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nplugin-extension-trust-policy"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "openmage\nmage-os"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "OpenMage GitHub Advisories\nNVD OpenMage"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "plugin-extension-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "PrestaShop (prestashop)",
"summary": "历史全量 · core, module",
"open": false,
"badges": [
"历史全量",
"官方源 2",
"生态源 1",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/ecommerce/prestashop"
},
{
"label": "Advisory 模式",
"value": "core\nmodule"
},
{
"label": "Secure-Code 主题",
"value": "plugin-extension-trust-policy\nauthz-server-side-recheck\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "prestashop:prestashop"
},
{
"label": "GHSA 关键字",
"value": "prestashop"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "PrestaShop Security Page\nGitHub PrestaShop Advisories"
},
{
"label": "生态来源",
"value": "Friends Of Presta Security"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "file-upload-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "official-image\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Saleor (saleor)",
"summary": "近两年全量 · core, extension",
"open": false,
"badges": [
"近两年全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/ecommerce/saleor"
},
{
"label": "Advisory 模式",
"value": "core\nextension"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\ntoken-cookie-storage"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "saleor"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "GitHub Saleor Advisories\nNVD Saleor"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "session-token-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "Shopware (shopware)",
"summary": "历史全量 · core, extension",
"open": false,
"badges": [
"历史全量",
"官方源 2",
"生态源 0",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/ecommerce/shopware"
},
{
"label": "Advisory 模式",
"value": "core\nextension"
},
{
"label": "Secure-Code 主题",
"value": "authz-server-side-recheck\nplugin-extension-trust-policy\nfile-upload-validation"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "shopware"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Shopware Security Advisories\nNVD Shopware"
},
{
"label": "生态来源",
"value": "-"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "file-upload-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
},
{
"title": "WooCommerce (woocommerce)",
"summary": "历史全量 · core, extension",
"open": false,
"badges": [
"历史全量",
"官方源 2",
"生态源 2",
"研究源 0"
],
"fields": [
{
"label": "输出目录",
"value": "07-framework-security/ecommerce/woocommerce"
},
{
"label": "Advisory 模式",
"value": "core\nextension"
},
{
"label": "Secure-Code 主题",
"value": "plugin-extension-trust-policy\nxss-output-encoding\nauthz-server-side-recheck"
},
{
"label": "CPE 关键字",
"value": "-"
},
{
"label": "GHSA 关键字",
"value": "woocommerce"
}
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": false,
"fields": [
{
"label": "官方来源",
"value": "Woo Developer Advisories\nGitHub WooCommerce Advisories"
},
{
"label": "生态来源",
"value": "Patchstack Database\nWordfence Vulnerability Database"
},
{
"label": "研究来源",
"value": "-"
}
]
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": false,
"fields": [
{
"label": "默认漏洞家族",
"value": "xss-generic"
},
{
"label": "浏览器默认要求",
"value": "是"
},
{
"label": "优先制品模式",
"value": "synthetic\nofficial-source\nsynthetic"
},
{
"label": "种子策略",
"value": "default-seed"
},
{
"label": "日志采集器",
"value": "docker-logs\nhttp-snapshot"
},
{
"label": "报告模板",
"value": "default-lab-report"
}
]
}
]
}
]
}
]
},
{
"title": "Repro 路由概览",
"summary": "按默认漏洞家族聚合当前系统路由,帮助查看 family runner 覆盖面。",
"open": true,
"items": [
{
"title": "xss-generic",
"summary": "默认路由到该 family 的系统数:27",
"open": false,
"fields": [
{
"label": "系统数量",
"value": "27"
}
]
},
{
"title": "proxy-boundary-generic",
"summary": "默认路由到该 family 的系统数:16",
"open": false,
"fields": [
{
"label": "系统数量",
"value": "16"
}
]
},
{
"title": "file-upload-generic",
"summary": "默认路由到该 family 的系统数:8",
"open": false,
"fields": [
{
"label": "系统数量",
"value": "8"
}
]
},
{
"title": "deserialization-generic",
"summary": "默认路由到该 family 的系统数:3",
"open": false,
"fields": [
{
"label": "系统数量",
"value": "3"
}
]
},
{
"title": "session-token-generic",
"summary": "默认路由到该 family 的系统数:3",
"open": false,
"fields": [
{
"label": "系统数量",
"value": "3"
}
]
},
{
"title": "authz-bypass-generic",
"summary": "默认路由到该 family 的系统数:2",
"open": false,
"fields": [
{
"label": "系统数量",
"value": "2"
}
]
},
{
"title": "ssrf-generic",
"summary": "默认路由到该 family 的系统数:2",
"open": false,
"fields": [
{
"label": "系统数量",
"value": "2"
}
]
},
{
"title": "plugin-extension-generic",
"summary": "默认路由到该 family 的系统数:1",
"open": false,
"fields": [
{
"label": "系统数量",
"value": "1"
}
]
}
]
},
{
"title": "当前生成态与阻塞概览",
"summary": "当前 render 后的状态分布、失败摘要与最近可见阻塞。",
"open": true,
"stats": [
{
"label": "Run 数",
"value": "3"
},
{
"label": "Advisory 数",
"value": "89"
},
{
"label": "状态类型",
"value": "2"
},
{
"label": "最近失败",
"value": "3"
}
],
"items": [
{
"title": "状态分布",
"summary": "verification_status 当前计数。",
"open": false,
"items": [
{
"title": "制品阻塞",
"summary": "当前累计 2 条。",
"open": false,
"fields": [
{
"label": "状态编码",
"value": "blocked-artifact"
},
{
"label": "数量",
"value": "2"
}
]
},
{
"title": "人工分诊",
"summary": "当前累计 1 条。",
"open": false,
"fields": [
{
"label": "状态编码",
"value": "triage-manual"
},
{
"label": "数量",
"value": "1"
}
]
}
]
},
{
"title": "最近失败",
"summary": "当前 dashboard 摘要里可见的失败或人工分诊样本。",
"open": false,
"items": [
{
"title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"summary": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"open": false,
"badges": [
"制品阻塞"
],
"fields": [
{
"label": "运行 ID",
"value": "gitea-livecheck-20260316"
},
{
"label": "漏洞条目",
"value": "gitea--CVE-2025-68939"
},
{
"label": "状态",
"value": "制品阻塞"
},
{
"label": "阻塞原因",
"value": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
}
]
},
{
"title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"summary": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"open": false,
"badges": [
"制品阻塞"
],
"fields": [
{
"label": "运行 ID",
"value": "gitea-gitea--CVE-2025-68939-20260317063330"
},
{
"label": "漏洞条目",
"value": "gitea--CVE-2025-68939"
},
{
"label": "状态",
"value": "制品阻塞"
},
{
"label": "阻塞原因",
"value": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
}
]
},
{
"title": "Authorization Bypass in Next.js Middleware",
"summary": "dry-run only",
"open": false,
"badges": [
"人工分诊"
],
"fields": [
{
"label": "运行 ID",
"value": "nextjs-nextjs--CVE-2025-29927-20260317063047"
},
{
"label": "漏洞条目",
"value": "nextjs--CVE-2025-29927"
},
{
"label": "状态",
"value": "人工分诊"
},
{
"label": "阻塞原因",
"value": "dry-run only"
}
]
}
]
}
]
}
]
}