全库 Advisory 完整度报告

系统覆盖矩阵

系统	总数	verified-real	manual	family 覆盖
adobe-commerce	81	0	81	xss(0/81)
apache-httpd	135	0	135	authz-bypass(0/1), file-upload(0/1), proxy-boundary(0/128), ssrf(0/1), xss(0/4)
apache-tomcat	136	0	136	authz-bypass(0/108), file-upload(0/2), path-traversal(0/3), plugin-extension(0/5), proxy-boundary(0/1), session-token(0/4), xss(0/13)
drupal	70	0	70	xss(0/70)
gitea	37	37	0	authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/26), ssrf(1/1), xss(5/5)
joomla	100	0	100	xss(0/100)
magento-open-source	101	0	101	authz-bypass(0/1), file-upload(0/3), plugin-extension(0/78), sqli(0/1), xss(0/18)
nextjs	66	26	40	authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/55), request-smuggling(0/3), ssrf(2/2), xss(2/3)
nginx	110	0	110	authz-bypass(0/2), proxy-boundary(0/107), sqli(0/1)
nodejs	8	0	8	ssrf(0/8)
nuxt	28	0	28	proxy-boundary(0/26), xss(0/2)
opencart	100	0	100	deserialization(0/3), plugin-extension(0/69), sqli(0/12), ssrf(0/1), template-injection(0/1), xss(0/14)
prestashop	112	0	112	file-upload(0/1), plugin-extension(0/91), sqli(0/4), xss(0/16)
react	21	0	21	xss(0/21)
shopware	71	0	71	authz-bypass(0/2), deserialization(0/1), plugin-extension(0/55), sqli(0/2), ssrf(0/1), xss(0/10)
undici	14	14	0	ssrf(14/14)
vite	42	12	30	proxy-boundary(11/39), xss(1/3)
vue	15	0	15	xss(0/15)
woocommerce	111	0	111	xss(0/111)
wordpress	140	0	140	xss(0/140)

Docker daemon unavailable caused provision-compose-environment blocked-artifact.
Family profiles previously used note-only attack runners and dry-run placeholders.
Baseline and browser steps were skipped when environment readiness was not enforced.
Latest completeness now uses one advisory -> latest run semantics instead of historical run piles.
Source health now counts only status=active sources; retired sources are audited separately with replacement links.