返回工作台

Source Catalog Audit

工作台内置镜像页:active/retired source、replacement map 与覆盖摘要。
# Source Catalog Audit

- generated_at: `2026-03-19T09:17:03+00:00`
- systems: `62`
- sources: `179`
- active_sources: `113`
- retired_sources: `66`
- systems_with_active_official: `61/62`
- systems_with_machine_readable_source: `61/62`

## Retired Sources

- `adminer` `NVD Adminer` -> replacements: `OSV Adminer` | reason: OSV Adminer provides a machine-readable Packagist-aligned source, removing the need for NVD public search.
- `adobe-commerce` `Adobe Security Bulletins` -> replacements: `Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce` | reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
- `adobe-commerce` `GHSA Adobe Commerce` -> replacements: `Adobe Magento Security Index, NVD Adobe Commerce` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
- `adobe-commerce` `NVD Adobe Commerce` -> replacements: `Adobe Magento Security Index` | reason: Adobe Magento Security Index is now the active official machine-readable source, so NVD public search is no longer needed for daily collection.
- `adobe-commerce` `Sansec Research` -> replacements: `GHSA Adobe Commerce, Adobe Magento Security Index` | reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
- `angular` `GitHub Global Advisories` -> replacements: `OSV Angular` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
- `apache-httpd` `NVD Apache HTTP Server` -> replacements: `Apache HTTPD Security, CISA KEV Apache HTTPD` | reason: Official Apache HTTPD advisories page plus CISA KEV are sufficient active sources for daily monitoring.
- `apache-tomcat` `NVD Tomcat` -> replacements: `Apache Tomcat Security, CISA KEV Tomcat` | reason: Official Tomcat advisories page plus CISA KEV are sufficient active sources for daily monitoring.
- `aspnet-core` `NVD ASP.NET Core` -> replacements: `OSV ASP.NET Core` | reason: OSV ASP.NET Core provides machine-readable NuGet-aligned coverage with lower latency than NVD public search.
- `astro` `GitHub Global Advisories` -> replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
- `discourse` `Discourse Meta Security` -> replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
- `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS, Discourse Security RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
- `django` `Django Security RSS` -> replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
- `drupal` `NVD Drupal` -> replacements: `Drupal Security Advisories RSS, OSV Drupal` | reason: OSV Drupal + Drupal official RSS now cover machine-readable collection with lower cold-start latency than NVD public search.
- `esbuild` `GitHub Global Advisories` -> replacements: `OSV esbuild` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
- `esbuild` `NVD esbuild` -> replacements: `OSV esbuild` | reason: OSV esbuild replaces NVD public search for lower-latency machine-readable collection.
- `express` `GitHub Global Advisories` -> replacements: `OSV Express` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
- `express` `NVD Express.js` -> replacements: `OSV Express` | reason: OSV Express replaces NVD public search for lower-latency machine-readable collection.
- `fastify` `GitHub Global Advisories` -> replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
- `flask` `GitHub Global Advisories` -> replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
- `ghost` `NVD Ghost` -> replacements: `Ghost GitHub Advisories, OSV Ghost` | reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
- `gitlab-ce` `NVD GitLab` -> replacements: `GitLab Security Releases, GitLab Security Releases Atom` | reason: GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.
- `hapi` `GitHub Global Advisories` -> replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
- `haproxy` `HAProxy Security Advisories` -> replacements: `HAProxy Blog Feed` | reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
- `haproxy` `NVD HAProxy` -> replacements: `HAProxy Blog Feed` | reason: HAProxy Blog Feed is an active official RSS source, so NVD public search is no longer required.
- `jenkins` `NVD Jenkins` -> replacements: `Jenkins Security Advisories, Jenkins Security Advisories RSS` | reason: Jenkins Security Advisories RSS provides an official machine-readable feed, replacing NVD public search.
- `joomla` `NVD Joomla` -> replacements: `Joomla Security Centre, OSV Joomla` | reason: OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.
- `kibana` `NVD Kibana` -> replacements: `Elastic Security Announcements, Elastic Security Announcements RSS` | reason: Elastic Security Announcements RSS provides an official machine-readable feed, replacing NVD public search.
- `koa` `GitHub Global Advisories` -> replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
- `laravel` `GitHub Global Advisories` -> replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
- `magento-open-source` `NVD Magento` -> replacements: `Magento GitHub Advisories, OSV Magento Open Source` | reason: OSV Magento Open Source plus Magento GitHub advisories replace NVD public search for machine-readable collection.
- `mattermost` `Mattermost Security Updates` -> replacements: `NVD Mattermost` | reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
- `mattermost` `NVD Mattermost` -> replacements: `Mattermost Security Updates JSON, OSV Mattermost` | reason: Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.
- `mediawiki` `MediaWiki Security Releases` -> replacements: `MediaWiki Announce RSS, NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
- `mediawiki` `NVD MediaWiki` -> replacements: `MediaWiki Announce RSS, OSV MediaWiki` | reason: MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.
- `moodle` `Moodle Security News` -> replacements: `NVD Moodle` | reason: Security page is reachable with a browser-style UA, but the current markup only exposes generic "Discuss this topic" anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.
- `moodle` `NVD Moodle` -> replacements: `OSV Moodle` | reason: OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.
- `nestjs` `GitHub Global Advisories` -> replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
- `nestjs` `NVD NestJS` -> replacements: `OSV NestJS` | reason: OSV NestJS replaces NVD public search for lower-latency machine-readable collection.
- `nextjs` `GitHub Global Advisories` -> replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
- `nginx` `NVD NGINX` -> replacements: `NGINX Security Advisories, CISA KEV NGINX` | reason: Official NGINX advisories page and CISA KEV together provide the needed daily signal without NVD public-search latency.
- `nuxt` `GitHub Global Advisories` -> replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
- `opencart` `NVD OpenCart` -> replacements: `OpenCart Releases, OSV OpenCart` | reason: OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.
- `openmage` `NVD OpenMage` -> replacements: `OpenMage GitHub Advisories, OSV OpenMage` | reason: OSV OpenMage replaces NVD for machine-readable composer-aligned collection.
- `phpmyadmin` `NVD phpMyAdmin` -> replacements: `phpMyAdmin Security Page, OSV phpMyAdmin` | reason: OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.
- `prestashop` `NVD PrestaShop` -> replacements: `PrestaShop Security Page, GitHub PrestaShop Advisories, OSV PrestaShop` | reason: OSV PrestaShop replaces NVD for machine-readable collection while official and ecosystem advisories remain active.
- `rails` `GitHub Global Advisories` -> replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
- `rails` `NVD Ruby on Rails` -> replacements: `OSV Rails` | reason: OSV Rails replaces NVD public search for lower-latency machine-readable collection.
- `react` `GitHub Global Advisories` -> replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
- `redmine` `NVD Redmine` -> replacements: `Redmine Security Advisories` | reason: Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.
- `saleor` `NVD Saleor` -> replacements: `GitHub Saleor Advisories, OSV Saleor` | reason: OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.
- `shopware` `NVD Shopware` -> replacements: `Shopware Security Advisories, OSV Shopware` | reason: OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.
- `spring-boot` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Boot` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
- `spring-framework` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Framework` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring official page and OSV remain the active replacements.
- `spring-security` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Security` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
- `sveltekit` `GitHub Global Advisories` -> replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
- `symfony` `GitHub Global Advisories` -> replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
- `undici` `GitHub Global Advisories` -> replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
- `undici` `NVD Undici` -> replacements: `OSV Undici` | reason: OSV Undici replaces NVD public search for lower-latency machine-readable collection.
- `vite` `GitHub Global Advisories` -> replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
- `vue` `GitHub Global Advisories` -> replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
- `webpack` `GitHub Global Advisories` -> replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
- `webpack` `NVD webpack` -> replacements: `OSV webpack` | reason: OSV webpack replaces NVD public search for lower-latency machine-readable collection.
- `werkzeug` `GitHub Global Advisories` -> replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
- `woocommerce` `NVD WooCommerce` -> replacements: `Woo Developer Advisories, GitHub WooCommerce Advisories, OSV WooCommerce` | reason: OSV WooCommerce replaces NVD for machine-readable collection while official and ecosystem advisory pages remain active.
- `wordpress` `NVD WordPress` -> replacements: `WordPress Security News RSS, Wordfence Vulnerability Database, WPScan Vulnerability Database` | reason: WordPress official RSS plus ecosystem plugin intelligence cover active collection with lower cold-start latency and lower public-search dependence than NVD.