{ "vite--CVE-2025-62522": { "canonical_id": "vite--CVE-2025-62522", "title": "vite--CVE-2025-62522", "summary": "Derived from latest run vite-vite--CVE-2025-62522-20260318040559", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:05:59+00:00", "updated_at": "2026-03-18T04:06:05+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json" ] } }, "vite--CVE-2025-58752": { "canonical_id": "vite--CVE-2025-58752", "title": "vite--CVE-2025-58752", "summary": "Derived from latest run vite-vite--CVE-2025-58752-20260318040552", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:05:52+00:00", "updated_at": "2026-03-18T04:05:59+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json" ] } }, "vite--CVE-2025-58751": { "canonical_id": "vite--CVE-2025-58751", "title": "vite--CVE-2025-58751", "summary": "Derived from latest run vite-vite--CVE-2025-58751-20260318040545", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:05:45+00:00", "updated_at": "2026-03-18T04:05:52+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json" ] } }, "vite--CVE-2025-46565": { "canonical_id": "vite--CVE-2025-46565", "title": "vite--CVE-2025-46565", "summary": "Derived from latest run vite-vite--CVE-2025-46565-20260318040538", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:05:38+00:00", "updated_at": "2026-03-18T04:05:45+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json" ] } }, "vite--CVE-2025-32395": { "canonical_id": "vite--CVE-2025-32395", "title": "vite--CVE-2025-32395", "summary": "Derived from latest run vite-vite--CVE-2025-32395-20260318040532", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:05:32+00:00", "updated_at": "2026-03-18T04:05:38+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json" ] } }, "vite--CVE-2025-31486": { "canonical_id": "vite--CVE-2025-31486", "title": "vite--CVE-2025-31486", "summary": "Derived from latest run vite-vite--CVE-2025-31486-20260318040525", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:05:25+00:00", "updated_at": "2026-03-18T04:05:32+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json" ] } }, "vite--CVE-2025-31125": { "canonical_id": "vite--CVE-2025-31125", "title": "vite--CVE-2025-31125", "summary": "Derived from latest run vite-vite--CVE-2025-31125-20260318040518", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:05:18+00:00", "updated_at": "2026-03-18T04:05:25+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json" ] } }, "vite--CVE-2025-30208": { "canonical_id": "vite--CVE-2025-30208", "title": "vite--CVE-2025-30208", "summary": "Derived from latest run vite-vite--CVE-2025-30208-20260318040511", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:05:11+00:00", "updated_at": "2026-03-18T04:05:18+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json" ] } }, "vite--CVE-2025-24010": { "canonical_id": "vite--CVE-2025-24010", "title": "vite--CVE-2025-24010", "summary": "Derived from latest run vite-vite--CVE-2025-24010-20260318040505", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:05:05+00:00", "updated_at": "2026-03-18T04:05:11+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json" ] } }, "vite--CVE-2024-45812": { "canonical_id": "vite--CVE-2024-45812", "title": "vite--CVE-2024-45812", "summary": "Derived from latest run vite-vite--CVE-2024-45812-20260318040458", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:04:58+00:00", "updated_at": "2026-03-18T04:05:05+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json" ] } }, "vite--CVE-2024-45811": { "canonical_id": "vite--CVE-2024-45811", "title": "vite--CVE-2024-45811", "summary": "Derived from latest run vite-vite--CVE-2024-45811-20260318040452", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:04:52+00:00", "updated_at": "2026-03-18T04:04:58+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json" ] } }, "vite--CVE-2024-23331": { "canonical_id": "vite--CVE-2024-23331", "title": "vite--CVE-2024-23331", "summary": "Derived from latest run vite-vite--CVE-2024-23331-20260318040445", "display_name": "Vite", "system_id": "vite", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:04:45+00:00", "updated_at": "2026-03-18T04:04:52+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "dependency-upgrade-policy", "file-upload-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json" ] } }, "undici--CVE-2026-2581": { "canonical_id": "undici--CVE-2026-2581", "title": "undici--CVE-2026-2581", "summary": "Derived from latest run undici-undici--CVE-2026-2581-20260318040332", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:03:32+00:00", "updated_at": "2026-03-18T04:03:36+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2026-2229": { "canonical_id": "undici--CVE-2026-2229", "title": "undici--CVE-2026-2229", "summary": "Derived from latest run undici-undici--CVE-2026-2229-20260318040328", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:03:28+00:00", "updated_at": "2026-03-18T04:03:32+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2026-22036": { "canonical_id": "undici--CVE-2026-22036", "title": "undici--CVE-2026-22036", "summary": "Derived from latest run undici-undici--CVE-2026-22036-20260318040323", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:03:23+00:00", "updated_at": "2026-03-18T04:03:27+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2026-1528": { "canonical_id": "undici--CVE-2026-1528", "title": "undici--CVE-2026-1528", "summary": "Derived from latest run undici-undici--CVE-2026-1528-20260318040318", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:03:18+00:00", "updated_at": "2026-03-18T04:03:23+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2026-1527": { "canonical_id": "undici--CVE-2026-1527", "title": "undici--CVE-2026-1527", "summary": "Derived from latest run undici-undici--CVE-2026-1527-20260318040314", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:03:14+00:00", "updated_at": "2026-03-18T04:03:18+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2026-1526": { "canonical_id": "undici--CVE-2026-1526", "title": "undici--CVE-2026-1526", "summary": "Derived from latest run undici-undici--CVE-2026-1526-20260318040309", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:03:09+00:00", "updated_at": "2026-03-18T04:03:14+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2026-1525": { "canonical_id": "undici--CVE-2026-1525", "title": "undici--CVE-2026-1525", "summary": "Derived from latest run undici-undici--CVE-2026-1525-20260318040304", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:03:04+00:00", "updated_at": "2026-03-18T04:03:09+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2025-47279": { "canonical_id": "undici--CVE-2025-47279", "title": "undici--CVE-2025-47279", "summary": "Derived from latest run undici-undici--CVE-2025-47279-20260318040300", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:03:00+00:00", "updated_at": "2026-03-18T04:03:04+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2025-22150": { "canonical_id": "undici--CVE-2025-22150", "title": "undici--CVE-2025-22150", "summary": "Derived from latest run undici-undici--CVE-2025-22150-20260318040256", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:02:56+00:00", "updated_at": "2026-03-18T04:03:00+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2024-30261": { "canonical_id": "undici--CVE-2024-30261", "title": "undici--CVE-2024-30261", "summary": "Derived from latest run undici-undici--CVE-2024-30261-20260318040251", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:02:51+00:00", "updated_at": "2026-03-18T04:02:56+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2024-30260": { "canonical_id": "undici--CVE-2024-30260", "title": "undici--CVE-2024-30260", "summary": "Derived from latest run undici-undici--CVE-2024-30260-20260318040247", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:02:47+00:00", "updated_at": "2026-03-18T04:02:51+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2023-45143": { "canonical_id": "undici--CVE-2023-45143", "title": "undici--CVE-2023-45143", "summary": "Derived from latest run undici-undici--CVE-2023-45143-20260318040242", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:02:42+00:00", "updated_at": "2026-03-18T04:02:46+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2022-32210": { "canonical_id": "undici--CVE-2022-32210", "title": "undici--CVE-2022-32210", "summary": "Derived from latest run undici-undici--CVE-2022-32210-20260318040238", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:02:38+00:00", "updated_at": "2026-03-18T04:02:42+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "undici--CVE-2022-31151": { "canonical_id": "undici--CVE-2022-31151", "title": "undici--CVE-2022-31151", "summary": "Derived from latest run undici-undici--CVE-2022-31151-20260318040233", "display_name": "Undici", "system_id": "undici", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T04:02:33+00:00", "updated_at": "2026-03-18T04:02:37+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "ssrf-url-validation", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "nextjs--GHSA-w37m-7fhw-fmv9": { "canonical_id": "nextjs--GHSA-w37m-7fhw-fmv9", "title": "nextjs--GHSA-w37m-7fhw-fmv9", "summary": "Derived from latest run nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:58:48+00:00", "updated_at": "2026-03-18T03:58:55+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-page.json" ] } }, "nextjs--GHSA-mwv6-3258-q52c": { "canonical_id": "nextjs--GHSA-mwv6-3258-q52c", "title": "nextjs--GHSA-mwv6-3258-q52c", "summary": "Derived from latest run nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:58:42+00:00", "updated_at": "2026-03-18T03:58:48+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-page.json" ] } }, "nextjs--GHSA-h25m-26qc-wcjf": { "canonical_id": "nextjs--GHSA-h25m-26qc-wcjf", "title": "nextjs--GHSA-h25m-26qc-wcjf", "summary": "Derived from latest run nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:58:37+00:00", "updated_at": "2026-03-18T03:58:41+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "nextjs--GHSA-9qr9-h5gf-34mp": { "canonical_id": "nextjs--GHSA-9qr9-h5gf-34mp", "title": "nextjs--GHSA-9qr9-h5gf-34mp", "summary": "Derived from latest run nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:58:30+00:00", "updated_at": "2026-03-18T03:58:37+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-page.json" ] } }, "nextjs--GHSA-5j59-xgg2-r9c4": { "canonical_id": "nextjs--GHSA-5j59-xgg2-r9c4", "title": "nextjs--GHSA-5j59-xgg2-r9c4", "summary": "Derived from latest run nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:58:24+00:00", "updated_at": "2026-03-18T03:58:30+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-page.json" ] } }, "nextjs--CVE-2025-59472": { "canonical_id": "nextjs--CVE-2025-59472", "title": "nextjs--CVE-2025-59472", "summary": "Derived from latest run nextjs-nextjs--CVE-2025-59472-20260318035817", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:58:17+00:00", "updated_at": "2026-03-18T03:58:24+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-page.json" ] } }, "nextjs--CVE-2025-59471": { "canonical_id": "nextjs--CVE-2025-59471", "title": "nextjs--CVE-2025-59471", "summary": "Derived from latest run nextjs-nextjs--CVE-2025-59471-20260318035811", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:58:11+00:00", "updated_at": "2026-03-18T03:58:17+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-page.json" ] } }, "nextjs--CVE-2025-57822": { "canonical_id": "nextjs--CVE-2025-57822", "title": "nextjs--CVE-2025-57822", "summary": "Derived from latest run nextjs-nextjs--CVE-2025-57822-20260318035806", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:58:06+00:00", "updated_at": "2026-03-18T03:58:11+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "nextjs--CVE-2025-57752": { "canonical_id": "nextjs--CVE-2025-57752", "title": "nextjs--CVE-2025-57752", "summary": "Derived from latest run nextjs-nextjs--CVE-2025-57752-20260318035800", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:58:00+00:00", "updated_at": "2026-03-18T03:58:06+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-page.json" ] } }, "nextjs--CVE-2025-55173": { "canonical_id": "nextjs--CVE-2025-55173", "title": "nextjs--CVE-2025-55173", "summary": "Derived from latest run nextjs-nextjs--CVE-2025-55173-20260318035753", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:57:53+00:00", "updated_at": "2026-03-18T03:58:00+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-page.json" ] } }, "nextjs--CVE-2025-49826": { "canonical_id": "nextjs--CVE-2025-49826", "title": "nextjs--CVE-2025-49826", "summary": "Derived from latest run nextjs-nextjs--CVE-2025-49826-20260318035747", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:57:47+00:00", "updated_at": "2026-03-18T03:57:53+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-page.json" ] } }, "nextjs--CVE-2025-49005": { "canonical_id": "nextjs--CVE-2025-49005", "title": "nextjs--CVE-2025-49005", "summary": "Derived from latest run nextjs-nextjs--CVE-2025-49005-20260318035740", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:57:40+00:00", "updated_at": "2026-03-18T03:57:47+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-page.json" ] } }, "nextjs--CVE-2025-48068": { "canonical_id": "nextjs--CVE-2025-48068", "title": "nextjs--CVE-2025-48068", "summary": "Derived from latest run nextjs-nextjs--CVE-2025-48068-20260318035734", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:57:34+00:00", "updated_at": "2026-03-18T03:57:40+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-page.json" ] } }, "nextjs--CVE-2025-32421": { "canonical_id": "nextjs--CVE-2025-32421", "title": "nextjs--CVE-2025-32421", "summary": "Derived from latest run nextjs-nextjs--CVE-2025-32421-20260318035727", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:57:27+00:00", "updated_at": "2026-03-18T03:57:34+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-page.json" ] } }, "nextjs--CVE-2025-30218": { "canonical_id": "nextjs--CVE-2025-30218", "title": "nextjs--CVE-2025-30218", "summary": "Derived from latest run nextjs-nextjs--CVE-2025-30218-20260318035721", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:57:21+00:00", "updated_at": "2026-03-18T03:57:27+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-page.json" ] } }, "nextjs--CVE-2025-29927": { "canonical_id": "nextjs--CVE-2025-29927", "title": "nextjs--CVE-2025-29927", "summary": "Derived from latest run nextjs-nextjs--CVE-2025-29927-20260318035717", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:57:17+00:00", "updated_at": "2026-03-18T03:57:21+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "nextjs--CVE-2024-56332": { "canonical_id": "nextjs--CVE-2024-56332", "title": "nextjs--CVE-2024-56332", "summary": "Derived from latest run nextjs-nextjs--CVE-2024-56332-20260318035710", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:57:10+00:00", "updated_at": "2026-03-18T03:57:16+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-page.json" ] } }, "nextjs--CVE-2024-51479": { "canonical_id": "nextjs--CVE-2024-51479", "title": "nextjs--CVE-2024-51479", "summary": "Derived from latest run nextjs-nextjs--CVE-2024-51479-20260318035706", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:57:06+00:00", "updated_at": "2026-03-18T03:57:10+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "nextjs--CVE-2024-47831": { "canonical_id": "nextjs--CVE-2024-47831", "title": "nextjs--CVE-2024-47831", "summary": "Derived from latest run nextjs-nextjs--CVE-2024-47831-20260318035659", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:56:59+00:00", "updated_at": "2026-03-18T03:57:06+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-page.json" ] } }, "nextjs--CVE-2024-46982": { "canonical_id": "nextjs--CVE-2024-46982", "title": "nextjs--CVE-2024-46982", "summary": "Derived from latest run nextjs-nextjs--CVE-2024-46982-20260318035653", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:56:53+00:00", "updated_at": "2026-03-18T03:56:59+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-page.json" ] } }, "nextjs--CVE-2024-34351": { "canonical_id": "nextjs--CVE-2024-34351", "title": "nextjs--CVE-2024-34351", "summary": "Derived from latest run nextjs-nextjs--CVE-2024-34351-20260318035648", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:56:48+00:00", "updated_at": "2026-03-18T03:56:53+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "nextjs--CVE-2021-43803": { "canonical_id": "nextjs--CVE-2021-43803", "title": "nextjs--CVE-2021-43803", "summary": "Derived from latest run nextjs-nextjs--CVE-2021-43803-20260318035642", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:56:42+00:00", "updated_at": "2026-03-18T03:56:48+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-page.json" ] } }, "nextjs--CVE-2021-39178": { "canonical_id": "nextjs--CVE-2021-39178", "title": "nextjs--CVE-2021-39178", "summary": "Derived from latest run nextjs-nextjs--CVE-2021-39178-20260318035635", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:56:35+00:00", "updated_at": "2026-03-18T03:56:42+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-page.json" ] } }, "nextjs--CVE-2021-37699": { "canonical_id": "nextjs--CVE-2021-37699", "title": "nextjs--CVE-2021-37699", "summary": "Derived from latest run nextjs-nextjs--CVE-2021-37699-20260318035628", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:56:28+00:00", "updated_at": "2026-03-18T03:56:35+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-page.json" ] } }, "nextjs--CVE-2020-5284": { "canonical_id": "nextjs--CVE-2020-5284", "title": "nextjs--CVE-2020-5284", "summary": "Derived from latest run nextjs-nextjs--CVE-2020-5284-20260318035622", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:56:22+00:00", "updated_at": "2026-03-18T03:56:28+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-page.json" ] } }, "nextjs--CVE-2020-15242": { "canonical_id": "nextjs--CVE-2020-15242", "title": "nextjs--CVE-2020-15242", "summary": "Derived from latest run nextjs-nextjs--CVE-2020-15242-20260318035615", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:56:15+00:00", "updated_at": "2026-03-18T03:56:22+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-page.json" ] } }, "gitea--CVE-2026-20912": { "canonical_id": "gitea--CVE-2026-20912", "title": "gitea--CVE-2026-20912", "summary": "Derived from latest run gitea-gitea--CVE-2026-20912-20260318035506", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:55:06+00:00", "updated_at": "2026-03-18T03:55:13+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-page.json" ] } }, "gitea--CVE-2026-20904": { "canonical_id": "gitea--CVE-2026-20904", "title": "gitea--CVE-2026-20904", "summary": "Derived from latest run gitea-gitea--CVE-2026-20904-20260318035500", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:55:00+00:00", "updated_at": "2026-03-18T03:55:06+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-page.json" ] } }, "gitea--CVE-2026-20897": { "canonical_id": "gitea--CVE-2026-20897", "title": "gitea--CVE-2026-20897", "summary": "Derived from latest run gitea-gitea--CVE-2026-20897-20260318035454", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:54:54+00:00", "updated_at": "2026-03-18T03:55:00+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-page.json" ] } }, "gitea--CVE-2026-20888": { "canonical_id": "gitea--CVE-2026-20888", "title": "gitea--CVE-2026-20888", "summary": "Derived from latest run gitea-gitea--CVE-2026-20888-20260318035447", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:54:47+00:00", "updated_at": "2026-03-18T03:54:54+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-page.json" ] } }, "gitea--CVE-2026-20883": { "canonical_id": "gitea--CVE-2026-20883", "title": "gitea--CVE-2026-20883", "summary": "Derived from latest run gitea-gitea--CVE-2026-20883-20260318035441", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:54:41+00:00", "updated_at": "2026-03-18T03:54:47+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-page.json" ] } }, "gitea--CVE-2026-20800": { "canonical_id": "gitea--CVE-2026-20800", "title": "gitea--CVE-2026-20800", "summary": "Derived from latest run gitea-gitea--CVE-2026-20800-20260318035434", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:54:34+00:00", "updated_at": "2026-03-18T03:54:41+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-page.json" ] } }, "gitea--CVE-2026-20750": { "canonical_id": "gitea--CVE-2026-20750", "title": "gitea--CVE-2026-20750", "summary": "Derived from latest run gitea-gitea--CVE-2026-20750-20260318035428", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:54:28+00:00", "updated_at": "2026-03-18T03:54:34+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-page.json" ] } }, "gitea--CVE-2026-20736": { "canonical_id": "gitea--CVE-2026-20736", "title": "gitea--CVE-2026-20736", "summary": "Derived from latest run gitea-gitea--CVE-2026-20736-20260318035423", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:54:23+00:00", "updated_at": "2026-03-18T03:54:27+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "gitea--CVE-2026-0798": { "canonical_id": "gitea--CVE-2026-0798", "title": "gitea--CVE-2026-0798", "summary": "Derived from latest run gitea-gitea--CVE-2026-0798-20260318035416", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:54:16+00:00", "updated_at": "2026-03-18T03:54:23+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-page.json" ] } }, "gitea--CVE-2025-69413": { "canonical_id": "gitea--CVE-2025-69413", "title": "gitea--CVE-2025-69413", "summary": "Derived from latest run gitea-gitea--CVE-2025-69413-20260318035410", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:54:10+00:00", "updated_at": "2026-03-18T03:54:16+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-page.json" ] } }, "gitea--CVE-2025-68946": { "canonical_id": "gitea--CVE-2025-68946", "title": "gitea--CVE-2025-68946", "summary": "Derived from latest run gitea-gitea--CVE-2025-68946-20260318035404", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:54:04+00:00", "updated_at": "2026-03-18T03:54:10+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-page.json" ] } }, "gitea--CVE-2025-68945": { "canonical_id": "gitea--CVE-2025-68945", "title": "gitea--CVE-2025-68945", "summary": "Derived from latest run gitea-gitea--CVE-2025-68945-20260318035358", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:53:58+00:00", "updated_at": "2026-03-18T03:54:04+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-page.json" ] } }, "gitea--CVE-2025-68944": { "canonical_id": "gitea--CVE-2025-68944", "title": "gitea--CVE-2025-68944", "summary": "Derived from latest run gitea-gitea--CVE-2025-68944-20260318035353", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:53:53+00:00", "updated_at": "2026-03-18T03:53:57+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "gitea--CVE-2025-68943": { "canonical_id": "gitea--CVE-2025-68943", "title": "gitea--CVE-2025-68943", "summary": "Derived from latest run gitea-gitea--CVE-2025-68943-20260318035347", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:53:47+00:00", "updated_at": "2026-03-18T03:53:53+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-page.json" ] } }, "gitea--CVE-2025-68942": { "canonical_id": "gitea--CVE-2025-68942", "title": "gitea--CVE-2025-68942", "summary": "Derived from latest run gitea-gitea--CVE-2025-68942-20260318035340", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:53:40+00:00", "updated_at": "2026-03-18T03:53:47+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-page.json" ] } }, "gitea--CVE-2025-68941": { "canonical_id": "gitea--CVE-2025-68941", "title": "gitea--CVE-2025-68941", "summary": "Derived from latest run gitea-gitea--CVE-2025-68941-20260318035334", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:53:34+00:00", "updated_at": "2026-03-18T03:53:40+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-page.json" ] } }, "gitea--CVE-2025-68940": { "canonical_id": "gitea--CVE-2025-68940", "title": "gitea--CVE-2025-68940", "summary": "Derived from latest run gitea-gitea--CVE-2025-68940-20260318035330", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:53:30+00:00", "updated_at": "2026-03-18T03:53:34+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "gitea--CVE-2025-68939": { "canonical_id": "gitea--CVE-2025-68939", "title": "gitea--CVE-2025-68939", "summary": "Derived from latest run gitea-gitea--CVE-2025-68939-20260318035323", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:53:23+00:00", "updated_at": "2026-03-18T03:53:29+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-page.json" ] } }, "gitea--CVE-2025-68938": { "canonical_id": "gitea--CVE-2025-68938", "title": "gitea--CVE-2025-68938", "summary": "Derived from latest run gitea-gitea--CVE-2025-68938-20260318035317", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:53:17+00:00", "updated_at": "2026-03-18T03:53:23+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-page.json" ] } }, "gitea--CVE-2022-42968": { "canonical_id": "gitea--CVE-2022-42968", "title": "gitea--CVE-2022-42968", "summary": "Derived from latest run gitea-gitea--CVE-2022-42968-20260318035311", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:53:11+00:00", "updated_at": "2026-03-18T03:53:17+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-page.json" ] } }, "gitea--CVE-2022-38795": { "canonical_id": "gitea--CVE-2022-38795", "title": "gitea--CVE-2022-38795", "summary": "Derived from latest run gitea-gitea--CVE-2022-38795-20260318035304", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:53:04+00:00", "updated_at": "2026-03-18T03:53:11+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-page.json" ] } }, "gitea--CVE-2022-38183": { "canonical_id": "gitea--CVE-2022-38183", "title": "gitea--CVE-2022-38183", "summary": "Derived from latest run gitea-gitea--CVE-2022-38183-20260318035258", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:52:58+00:00", "updated_at": "2026-03-18T03:53:04+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-page.json" ] } }, "gitea--CVE-2022-30781": { "canonical_id": "gitea--CVE-2022-30781", "title": "gitea--CVE-2022-30781", "summary": "Derived from latest run gitea-gitea--CVE-2022-30781-20260318035252", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:52:52+00:00", "updated_at": "2026-03-18T03:52:58+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-page.json" ] } }, "gitea--CVE-2022-27313": { "canonical_id": "gitea--CVE-2022-27313", "title": "gitea--CVE-2022-27313", "summary": "Derived from latest run gitea-gitea--CVE-2022-27313-20260318035245", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:52:45+00:00", "updated_at": "2026-03-18T03:52:52+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-page.json" ] } }, "gitea--CVE-2022-1928": { "canonical_id": "gitea--CVE-2022-1928", "title": "gitea--CVE-2022-1928", "summary": "Derived from latest run gitea-gitea--CVE-2022-1928-20260318035239", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:52:39+00:00", "updated_at": "2026-03-18T03:52:45+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-page.json" ] } }, "gitea--CVE-2022-1058": { "canonical_id": "gitea--CVE-2022-1058", "title": "gitea--CVE-2022-1058", "summary": "Derived from latest run gitea-gitea--CVE-2022-1058-20260318035233", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:52:33+00:00", "updated_at": "2026-03-18T03:52:39+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-page.json" ] } }, "gitea--CVE-2022-0905": { "canonical_id": "gitea--CVE-2022-0905", "title": "gitea--CVE-2022-0905", "summary": "Derived from latest run gitea-gitea--CVE-2022-0905-20260318035226", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:52:26+00:00", "updated_at": "2026-03-18T03:52:33+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-page.json" ] } }, "gitea--CVE-2021-45331": { "canonical_id": "gitea--CVE-2021-45331", "title": "gitea--CVE-2021-45331", "summary": "Derived from latest run gitea-gitea--CVE-2021-45331-20260318035220", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:52:20+00:00", "updated_at": "2026-03-18T03:52:26+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-page.json" ] } }, "gitea--CVE-2021-45330": { "canonical_id": "gitea--CVE-2021-45330", "title": "gitea--CVE-2021-45330", "summary": "Derived from latest run gitea-gitea--CVE-2021-45330-20260318035214", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:52:14+00:00", "updated_at": "2026-03-18T03:52:20+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-page.json" ] } }, "gitea--CVE-2021-45327": { "canonical_id": "gitea--CVE-2021-45327", "title": "gitea--CVE-2021-45327", "summary": "Derived from latest run gitea-gitea--CVE-2021-45327-20260318035207", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:52:07+00:00", "updated_at": "2026-03-18T03:52:14+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-page.json" ] } }, "gitea--CVE-2021-3382": { "canonical_id": "gitea--CVE-2021-3382", "title": "gitea--CVE-2021-3382", "summary": "Derived from latest run gitea-gitea--CVE-2021-3382-20260318035201", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:52:01+00:00", "updated_at": "2026-03-18T03:52:07+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-page.json" ] } }, "gitea--CVE-2021-29134": { "canonical_id": "gitea--CVE-2021-29134", "title": "gitea--CVE-2021-29134", "summary": "Derived from latest run gitea-gitea--CVE-2021-29134-20260318035154", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:51:54+00:00", "updated_at": "2026-03-18T03:52:01+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-page.json" ] } }, "gitea--CVE-2021-28378": { "canonical_id": "gitea--CVE-2021-28378", "title": "gitea--CVE-2021-28378", "summary": "Derived from latest run gitea-gitea--CVE-2021-28378-20260318035148", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:51:48+00:00", "updated_at": "2026-03-18T03:51:54+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-page.json" ] } }, "gitea--CVE-2020-13246": { "canonical_id": "gitea--CVE-2020-13246", "title": "gitea--CVE-2020-13246", "summary": "Derived from latest run gitea-gitea--CVE-2020-13246-20260318035142", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:51:42+00:00", "updated_at": "2026-03-18T03:51:48+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-page.json" ] } }, "gitea--CVE-2019-1010261": { "canonical_id": "gitea--CVE-2019-1010261", "title": "gitea--CVE-2019-1010261", "summary": "Derived from latest run gitea-gitea--CVE-2019-1010261-20260318035135", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:51:35+00:00", "updated_at": "2026-03-18T03:51:42+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-page.json" ] } }, "gitea--CVE-2018-18926": { "canonical_id": "gitea--CVE-2018-18926", "title": "gitea--CVE-2018-18926", "summary": "Derived from latest run gitea-gitea--CVE-2018-18926-20260318035129", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:51:29+00:00", "updated_at": "2026-03-18T03:51:35+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json" ] } }, "gitea--CVE-2018-15192": { "canonical_id": "gitea--CVE-2018-15192", "title": "gitea--CVE-2018-15192", "summary": "Derived from latest run gitea-gitea--CVE-2018-15192-20260318035123", "display_name": "Gitea", "system_id": "gitea", "category": "platforms", "severity": null, "cvss_score": null, "exploit_status": null, "published_at": "2026-03-18T03:51:23+00:00", "updated_at": "2026-03-18T03:51:29+00:00", "official_source_url": "", "secondary_source_urls": [], "aliases": [], "secure_code_topics": [ "authz-server-side-recheck", "token-cookie-storage", "proxy-trust-boundary" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } } }