<!doctype html>
|
|
<html lang="zh-CN">
|
|
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>source-map 真值镜像</title>
  <style>
    /* Colour tokens for the dark workbench theme. --bg and --accent are
       declared here but not referenced by any rule in this stylesheet. */
    :root {
      --bg: #08111f;
      --panel: rgba(9, 18, 32, 0.9);
      --border: rgba(137, 171, 214, 0.2);
      --text: #f7fafc;
      --muted: #9fb3ca;
      --accent: #5eead4;
    }

    * {
      box-sizing: border-box;
    }

    /* Full-height page with a two-layer gradient backdrop. */
    body {
      margin: 0;
      min-height: 100vh;
      font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
      color: var(--text);
      background:
        radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
        linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
    }

    /* Centred content column. */
    main {
      max-width: 1080px;
      margin: 0 auto;
      padding: 32px 20px 40px;
    }

    /* Card that wraps the heading, the description and the mirrored listing. */
    .panel {
      background: var(--panel);
      border: 1px solid var(--border);
      border-radius: 20px;
      padding: 24px;
      box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
    }

    /* Row of navigation chips above the heading. */
    .actions {
      display: flex;
      flex-wrap: wrap;
      gap: 12px;
      margin-bottom: 18px;
    }

    .chip {
      display: inline-flex;
      align-items: center;
      gap: 8px;
      border-radius: 999px;
      border: 1px solid var(--border);
      padding: 10px 14px;
      color: var(--text);
      background: rgba(255, 255, 255, 0.05);
      text-decoration: none;
    }

    .chip:hover {
      border-color: rgba(94, 234, 212, 0.42);
    }

    h1 {
      margin: 0 0 12px;
      font-family: "IBM Plex Serif", Georgia, serif;
      font-size: clamp(1.8rem, 4vw, 3rem);
      line-height: 1.08;
    }

    .meta {
      color: var(--muted);
      margin-bottom: 18px;
    }

    /* The mirrored listing: monospace, scrollable, long lines wrapped. */
    pre {
      margin: 0;
      padding: 20px;
      overflow: auto;
      border-radius: 16px;
      border: 1px solid rgba(137, 171, 214, 0.12);
      background: rgba(2, 8, 22, 0.84);
      color: #d6e5f5;
      font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
      font-size: 0.92rem;
      line-height: 1.6;
      white-space: pre-wrap;
    }
  </style>
</head>
|
|
<body>
|
|
<main>
|
|
<div class="panel">
|
|
<div class="actions">
|
|
<a class="chip" href="/overview/index.html">返回工作台</a>
|
|
</div>
|
|
<h1>source-map 真值镜像</h1>
|
|
<div class="meta">工作台内置镜像页:系统覆盖、来源、输出目录和 secure-code 主题真值。</div>
|
|
<pre>version: 1
|
|
systems:
|
|
- system_id: wordpress
|
|
display_name: WordPress
|
|
category: cms
|
|
tier: history-full
|
|
advisory_modes: [core, plugin]
|
|
official_sources:
|
|
- name: WordPress Security News
|
|
kind: html-links
|
|
url: https://wordpress.org/news/category/security/
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [wordpress, security, release]
|
|
max_items: 40
|
|
# NOTE(review): a keyword search for "WordPress" is not product-scoped. NVD
# entries for third-party plugins and themes also mention WordPress, yet every
# hit from this source is tagged advisory_mode: core with confidence: official.
# Presumably the system-level cpe_keys entry ("wordpress:wordpress") is applied
# as a filter downstream; confirm, otherwise plugin CVEs are reported as core
# issues. Also confirm the collector paginates past results_per_page: 50,
# since this system is declared tier: history-full.
- name: NVD WordPress
|
|
kind: nvd-search
|
|
keyword: WordPress
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 50
|
|
ecosystem_sources:
|
|
- name: Wordfence Vulnerability Database
|
|
kind: html-links
|
|
url: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/
|
|
confidence: ecosystem-authority
|
|
advisory_mode: plugin
|
|
keywords: [wordpress, plugin]
|
|
max_items: 50
|
|
- name: Patchstack Database
|
|
kind: html-links
|
|
url: https://patchstack.com/database/
|
|
confidence: ecosystem-authority
|
|
advisory_mode: plugin
|
|
keywords: [wordpress, plugin, theme]
|
|
max_items: 50
|
|
# NOTE(review): the name says "Vulnerability Database" but the url below is the
# WPScan blog index (/blog/), harvested with kind: html-links. Blog posts are
# not per-vulnerability records, so confidence: ecosystem-authority may
# overstate what this feed actually returns. Confirm the intended endpoint, or
# rename the source so provenance in the generated output is accurate.
- name: WPScan Vulnerability Database
|
|
kind: html-links
|
|
url: https://wpscan.com/blog/
|
|
confidence: ecosystem-authority
|
|
advisory_mode: plugin
|
|
keywords: [wordpress, plugin, vulnerability]
|
|
max_items: 50
|
|
research_sources:
|
|
- name: PortSwigger Research
|
|
kind: html-links
|
|
url: https://portswigger.net/research
|
|
confidence: research
|
|
advisory_mode: core
|
|
keywords: [wordpress]
|
|
max_items: 20
|
|
package_names: []
|
|
cpe_keys: ["wordpress:wordpress"]
|
|
ghsa_keywords: [wordpress, wp-admin, wp-includes]
|
|
kev_keywords: [wordpress]
|
|
output_dir: 07-framework-security/cms/wordpress
|
|
secure_code_topics: [plugin-extension-trust-policy, xss-output-encoding, file-upload-validation, token-cookie-storage]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
extension_markdown_on_high_value: true
|
|
|
|
- system_id: drupal
|
|
display_name: Drupal
|
|
category: cms
|
|
tier: history-full
|
|
advisory_modes: [core, module]
|
|
official_sources:
|
|
- name: Drupal Security Advisories RSS
|
|
kind: rss-feed
|
|
url: https://www.drupal.org/security/rss.xml
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [drupal, sa-core, security]
|
|
max_items: 60
|
|
- name: NVD Drupal
|
|
kind: nvd-search
|
|
keyword: Drupal
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 50
|
|
ecosystem_sources:
|
|
- name: Drupal Security Advisories Site
|
|
kind: html-links
|
|
url: https://www.drupal.org/security
|
|
confidence: ecosystem-authority
|
|
advisory_mode: module
|
|
keywords: [drupal, module, sa-contrib]
|
|
max_items: 50
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: composer
|
|
name: drupal/core
|
|
cpe_keys: ["drupal:drupal"]
|
|
ghsa_keywords: [drupal, drupal core]
|
|
kev_keywords: [drupal]
|
|
output_dir: 07-framework-security/cms/drupal
|
|
secure_code_topics: [authz-server-side-recheck, xss-output-encoding, file-upload-validation, plugin-extension-trust-policy]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
extension_markdown_on_high_value: true
|
|
|
|
- system_id: joomla
|
|
display_name: Joomla
|
|
category: cms
|
|
tier: history-full
|
|
advisory_modes: [core, extension]
|
|
official_sources:
|
|
- name: Joomla Security Centre
|
|
kind: html-links
|
|
url: https://developer.joomla.org/security-centre.html
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [joomla, security]
|
|
max_items: 50
|
|
- name: NVD Joomla
|
|
kind: nvd-search
|
|
keyword: Joomla
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 50
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names: []
|
|
cpe_keys: ["joomla:joomla!"]
|
|
ghsa_keywords: [joomla]
|
|
kev_keywords: [joomla]
|
|
output_dir: 07-framework-security/cms/joomla
|
|
secure_code_topics: [xss-output-encoding, file-upload-validation, path-traversal-guard, plugin-extension-trust-policy]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
extension_markdown_on_high_value: true
|
|
|
|
- system_id: ghost
|
|
display_name: Ghost
|
|
category: cms
|
|
tier: rolling-24m
|
|
advisory_modes: [core]
|
|
official_sources:
|
|
- name: Ghost GitHub Advisories
|
|
kind: html-links
|
|
url: https://github.com/TryGhost/Ghost/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [ghost]
|
|
max_items: 50
|
|
- name: NVD Ghost
|
|
kind: nvd-search
|
|
keyword: Ghost CMS
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 40
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: ghost
|
|
cpe_keys: []
|
|
ghsa_keywords: [ghost]
|
|
kev_keywords: [ghost]
|
|
output_dir: 07-framework-security/cms/ghost
|
|
secure_code_topics: [authz-server-side-recheck, xss-output-encoding, token-cookie-storage]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: strapi
|
|
display_name: Strapi
|
|
category: cms
|
|
tier: rolling-24m
|
|
advisory_modes: [core, plugin]
|
|
official_sources:
|
|
- name: Strapi GitHub Advisories
|
|
kind: html-links
|
|
url: https://github.com/strapi/strapi/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [strapi]
|
|
max_items: 50
|
|
- name: OSV Strapi
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: strapi
|
|
- ecosystem: npm
|
|
name: "@strapi/strapi"
|
|
cpe_keys: []
|
|
ghsa_keywords: [strapi]
|
|
kev_keywords: [strapi]
|
|
output_dir: 07-framework-security/cms/strapi
|
|
secure_code_topics: [authz-server-side-recheck, token-cookie-storage, file-upload-validation]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: directus
|
|
display_name: Directus
|
|
category: cms
|
|
tier: rolling-24m
|
|
advisory_modes: [core, extension]
|
|
official_sources:
|
|
- name: Directus GitHub Advisories
|
|
kind: html-links
|
|
url: https://github.com/directus/directus/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [directus]
|
|
max_items: 50
|
|
- name: OSV Directus
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: directus
|
|
cpe_keys: []
|
|
ghsa_keywords: [directus]
|
|
kev_keywords: [directus]
|
|
output_dir: 07-framework-security/cms/directus
|
|
secure_code_topics: [authz-server-side-recheck, token-cookie-storage, file-upload-validation]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: mediawiki
|
|
display_name: MediaWiki
|
|
category: cms
|
|
tier: rolling-24m
|
|
advisory_modes: [core, extension]
|
|
official_sources:
|
|
- name: MediaWiki Security Releases
|
|
kind: html-links
|
|
url: https://www.mediawiki.org/wiki/Security
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [mediawiki, security]
|
|
max_items: 50
|
|
- name: NVD MediaWiki
|
|
kind: nvd-search
|
|
keyword: MediaWiki
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 40
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names: []
|
|
cpe_keys: ["mediawiki:mediawiki"]
|
|
ghsa_keywords: [mediawiki]
|
|
kev_keywords: [mediawiki]
|
|
output_dir: 07-framework-security/cms/mediawiki
|
|
secure_code_topics: [xss-output-encoding, authz-server-side-recheck, file-upload-validation]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: moodle
|
|
display_name: Moodle
|
|
category: cms
|
|
tier: rolling-24m
|
|
advisory_modes: [core, plugin]
|
|
official_sources:
|
|
- name: Moodle Security News
|
|
kind: html-links
|
|
url: https://moodle.org/security/
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [moodle, security]
|
|
max_items: 50
|
|
- name: NVD Moodle
|
|
kind: nvd-search
|
|
keyword: Moodle
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 40
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names: []
|
|
cpe_keys: ["moodle:moodle"]
|
|
ghsa_keywords: [moodle]
|
|
kev_keywords: [moodle]
|
|
output_dir: 07-framework-security/cms/moodle
|
|
secure_code_topics: [authz-server-side-recheck, xss-output-encoding, file-upload-validation]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: discourse
|
|
display_name: Discourse
|
|
category: cms
|
|
tier: rolling-24m
|
|
advisory_modes: [core, plugin]
|
|
official_sources:
|
|
- name: Discourse Meta Security
|
|
kind: html-links
|
|
url: https://meta.discourse.org/c/bug/security/40
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [discourse, security]
|
|
max_items: 50
|
|
- name: GitHub Discourse Advisories
|
|
kind: html-links
|
|
url: https://github.com/discourse/discourse/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [discourse]
|
|
max_items: 50
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: rubygems
|
|
name: discourse
|
|
cpe_keys: []
|
|
ghsa_keywords: [discourse]
|
|
kev_keywords: [discourse]
|
|
output_dir: 07-framework-security/cms/discourse
|
|
secure_code_topics: [authz-server-side-recheck, xss-output-encoding, plugin-extension-trust-policy]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: adobe-commerce
|
|
display_name: Adobe Commerce
|
|
category: ecommerce
|
|
tier: history-full
|
|
advisory_modes: [core, extension]
|
|
official_sources:
|
|
- name: Adobe Security Bulletins
|
|
kind: html-links
|
|
url: https://helpx.adobe.com/security/products/magento.html
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [adobe commerce, magento, apsb]
|
|
max_items: 60
|
|
- name: NVD Adobe Commerce
|
|
kind: nvd-search
|
|
keyword: Adobe Commerce
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 50
|
|
ecosystem_sources:
|
|
- name: Sansec Research
|
|
kind: html-links
|
|
url: https://sansec.io/research
|
|
confidence: ecosystem-authority
|
|
advisory_mode: extension
|
|
keywords: [magento, adobe commerce]
|
|
max_items: 50
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: composer
|
|
name: magento/product-community-edition
|
|
- ecosystem: composer
|
|
name: magento/framework
|
|
cpe_keys: ["adobe:commerce", "magento:magento"]
|
|
ghsa_keywords: [magento, adobe commerce]
|
|
kev_keywords: [magento, adobe commerce]
|
|
output_dir: 07-framework-security/ecommerce/adobe-commerce
|
|
secure_code_topics: [authz-server-side-recheck, file-upload-validation, xss-output-encoding, plugin-extension-trust-policy]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
extension_markdown_on_high_value: true
|
|
|
|
- system_id: magento-open-source
|
|
display_name: Magento Open Source
|
|
category: ecommerce
|
|
tier: history-full
|
|
advisory_modes: [core, extension]
|
|
official_sources:
|
|
- name: Magento GitHub Advisories
|
|
kind: html-links
|
|
url: https://github.com/magento/magento2/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [magento]
|
|
max_items: 50
|
|
- name: NVD Magento
|
|
kind: nvd-search
|
|
keyword: Magento
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 50
|
|
ecosystem_sources:
|
|
- name: Sansec Research
|
|
kind: html-links
|
|
url: https://sansec.io/research
|
|
confidence: ecosystem-authority
|
|
advisory_mode: extension
|
|
keywords: [magento]
|
|
max_items: 50
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: composer
|
|
name: magento/product-community-edition
|
|
- ecosystem: composer
|
|
name: magento/framework
|
|
cpe_keys: ["magento:magento"]
|
|
ghsa_keywords: [magento]
|
|
kev_keywords: [magento]
|
|
output_dir: 07-framework-security/ecommerce/magento-open-source
|
|
secure_code_topics: [authz-server-side-recheck, file-upload-validation, plugin-extension-trust-policy]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
extension_markdown_on_high_value: true
|
|
|
|
- system_id: openmage
|
|
display_name: OpenMage / Mage-OS
|
|
category: ecommerce
|
|
tier: rolling-24m
|
|
advisory_modes: [core, extension]
|
|
official_sources:
|
|
- name: OpenMage GitHub Advisories
|
|
kind: html-links
|
|
url: https://github.com/OpenMage/magento-lts/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [openmage, mage]
|
|
max_items: 50
|
|
- name: NVD OpenMage
|
|
kind: nvd-search
|
|
keyword: OpenMage
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 40
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: composer
|
|
name: openmage/magento-lts
|
|
cpe_keys: []
|
|
ghsa_keywords: [openmage, mage-os]
|
|
kev_keywords: [openmage]
|
|
output_dir: 07-framework-security/ecommerce/openmage
|
|
secure_code_topics: [authz-server-side-recheck, plugin-extension-trust-policy]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: woocommerce
|
|
display_name: WooCommerce
|
|
category: ecommerce
|
|
tier: history-full
|
|
advisory_modes: [core, extension]
|
|
official_sources:
|
|
- name: Woo Developer Advisories
|
|
kind: html-links
|
|
url: https://developer.woocommerce.com/
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [woocommerce, security]
|
|
max_items: 50
|
|
- name: GitHub WooCommerce Advisories
|
|
kind: html-links
|
|
url: https://github.com/woocommerce/woocommerce/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [woocommerce]
|
|
max_items: 50
|
|
ecosystem_sources:
|
|
- name: Patchstack Database
|
|
kind: html-links
|
|
url: https://patchstack.com/database/
|
|
confidence: ecosystem-authority
|
|
advisory_mode: extension
|
|
keywords: [woocommerce]
|
|
max_items: 50
|
|
- name: Wordfence Vulnerability Database
|
|
kind: html-links
|
|
url: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/
|
|
confidence: ecosystem-authority
|
|
advisory_mode: extension
|
|
keywords: [woocommerce]
|
|
max_items: 50
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: "@woocommerce/blocks"
|
|
- ecosystem: composer
|
|
name: woocommerce/woocommerce
|
|
cpe_keys: []
|
|
ghsa_keywords: [woocommerce]
|
|
kev_keywords: [woocommerce]
|
|
output_dir: 07-framework-security/ecommerce/woocommerce
|
|
secure_code_topics: [plugin-extension-trust-policy, xss-output-encoding, authz-server-side-recheck]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
extension_markdown_on_high_value: true
|
|
|
|
- system_id: prestashop
|
|
display_name: PrestaShop
|
|
category: ecommerce
|
|
tier: history-full
|
|
advisory_modes: [core, module]
|
|
official_sources:
|
|
- name: PrestaShop Security Page
|
|
kind: html-links
|
|
url: https://build.prestashop-project.org/news/
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [prestashop, security]
|
|
max_items: 50
|
|
- name: GitHub PrestaShop Advisories
|
|
kind: html-links
|
|
url: https://github.com/PrestaShop/PrestaShop/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [prestashop]
|
|
max_items: 50
|
|
ecosystem_sources:
|
|
- name: Friends Of Presta Security
|
|
kind: html-links
|
|
url: https://security.friendsofpresta.org/
|
|
confidence: ecosystem-authority
|
|
advisory_mode: module
|
|
keywords: [prestashop, module]
|
|
max_items: 50
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: composer
|
|
name: prestashop/prestashop
|
|
cpe_keys: ["prestashop:prestashop"]
|
|
ghsa_keywords: [prestashop]
|
|
kev_keywords: [prestashop]
|
|
output_dir: 07-framework-security/ecommerce/prestashop
|
|
secure_code_topics: [plugin-extension-trust-policy, authz-server-side-recheck, file-upload-validation]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
extension_markdown_on_high_value: true
|
|
|
|
- system_id: shopware
|
|
display_name: Shopware
|
|
category: ecommerce
|
|
tier: history-full
|
|
advisory_modes: [core, extension]
|
|
official_sources:
|
|
- name: Shopware Security Advisories
|
|
kind: html-links
|
|
url: https://github.com/shopware/shopware/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [shopware]
|
|
max_items: 50
|
|
- name: NVD Shopware
|
|
kind: nvd-search
|
|
keyword: Shopware
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 40
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: composer
|
|
name: shopware/platform
|
|
cpe_keys: []
|
|
ghsa_keywords: [shopware]
|
|
kev_keywords: [shopware]
|
|
output_dir: 07-framework-security/ecommerce/shopware
|
|
secure_code_topics: [authz-server-side-recheck, plugin-extension-trust-policy, file-upload-validation]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: opencart
|
|
display_name: OpenCart
|
|
category: ecommerce
|
|
tier: history-full
|
|
advisory_modes: [core, extension]
|
|
official_sources:
|
|
- name: OpenCart Releases
|
|
kind: html-links
|
|
url: https://github.com/opencart/opencart/releases
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [opencart]
|
|
max_items: 50
|
|
- name: NVD OpenCart
|
|
kind: nvd-search
|
|
keyword: OpenCart
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 50
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: composer
|
|
name: opencart/opencart
|
|
cpe_keys: ["opencart:opencart"]
|
|
ghsa_keywords: [opencart]
|
|
kev_keywords: [opencart]
|
|
output_dir: 07-framework-security/ecommerce/opencart
|
|
secure_code_topics: [authz-server-side-recheck, plugin-extension-trust-policy, file-upload-validation]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: saleor
|
|
display_name: Saleor
|
|
category: ecommerce
|
|
tier: rolling-24m
|
|
advisory_modes: [core, extension]
|
|
official_sources:
|
|
- name: GitHub Saleor Advisories
|
|
kind: html-links
|
|
url: https://github.com/saleor/saleor/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [saleor]
|
|
max_items: 50
|
|
- name: NVD Saleor
|
|
kind: nvd-search
|
|
keyword: Saleor
|
|
confidence: official
|
|
advisory_mode: core
|
|
results_per_page: 40
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: pypi
|
|
name: saleor
|
|
cpe_keys: []
|
|
ghsa_keywords: [saleor]
|
|
kev_keywords: [saleor]
|
|
output_dir: 07-framework-security/ecommerce/saleor
|
|
secure_code_topics: [authz-server-side-recheck, token-cookie-storage]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: medusa
|
|
display_name: Medusa
|
|
category: ecommerce
|
|
tier: rolling-24m
|
|
advisory_modes: [core, extension]
|
|
official_sources:
|
|
- name: GitHub Medusa Advisories
|
|
kind: html-links
|
|
url: https://github.com/medusajs/medusa/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [medusa]
|
|
max_items: 50
|
|
- name: OSV Medusa
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: "@medusajs/medusa"
|
|
cpe_keys: []
|
|
ghsa_keywords: [medusa]
|
|
kev_keywords: [medusa]
|
|
output_dir: 07-framework-security/ecommerce/medusa
|
|
secure_code_topics: [authz-server-side-recheck, token-cookie-storage]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: react
|
|
display_name: React
|
|
category: frameworks
|
|
tier: history-full
|
|
advisory_modes: [core]
|
|
official_sources:
|
|
- name: GitHub React Advisories
|
|
kind: html-links
|
|
url: https://github.com/facebook/react/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [react]
|
|
max_items: 50
|
|
# NOTE(review): as shown on this page (indentation is not visible here), this
# source item sets `name` twice: "GHSA React" on its first line and
# "GitHub Global Advisories" further down. Duplicate mapping keys are not valid
# YAML; a loader either rejects the document or silently keeps one value
# (commonly the last), so the per-system label can be lost from provenance and
# de-duplication records. The other `kind: ghsa-global` items on this page have
# the same shape. Confirm which value the collector reads and give the other
# one its own key.
- name: GHSA React
|
|
kind: ghsa-global
|
|
ecosystem: npm
|
|
name: GitHub Global Advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
- name: OSV React
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: react
|
|
- ecosystem: npm
|
|
name: react-dom
|
|
cpe_keys: []
|
|
ghsa_keywords: [react, react-dom]
|
|
kev_keywords: [react]
|
|
output_dir: 07-framework-security/frameworks/react
|
|
secure_code_topics: [xss-output-encoding, dom-sink-hardening, csp-trusted-types]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: nextjs
|
|
display_name: Next.js
|
|
category: frameworks
|
|
tier: history-full
|
|
advisory_modes: [core]
|
|
official_sources:
|
|
- name: GitHub Next.js Advisories
|
|
kind: html-links
|
|
url: https://github.com/vercel/next.js/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [next.js, next]
|
|
max_items: 50
|
|
- name: GHSA Next.js
|
|
kind: ghsa-global
|
|
ecosystem: npm
|
|
name: GitHub Global Advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
- name: OSV Next.js
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: next
|
|
cpe_keys: []
|
|
# NOTE(review): "next" is a short, common token. How the collector matches
# keywords is not visible on this page; if it is a case-insensitive substring
# match, unrelated products whose names contain "next" will land in the Next.js
# output as false positives. The same concern applies to other single-word
# keywords in this file (ghost, express, vue, react). Prefer scoping on the
# package name (npm: next) or a vendor:product pair; cpe_keys is empty for this
# system, so there is no second filter to fall back on.
ghsa_keywords: [next.js, next]
|
|
kev_keywords: [next]
|
|
output_dir: 07-framework-security/frameworks/nextjs
|
|
secure_code_topics: [authz-server-side-recheck, proxy-trust-boundary, token-cookie-storage]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: vue
|
|
display_name: Vue
|
|
category: frameworks
|
|
tier: history-full
|
|
advisory_modes: [core]
|
|
official_sources:
|
|
- name: Vue Security
|
|
kind: html-links
|
|
url: https://github.com/vuejs/core/security
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [vue]
|
|
max_items: 50
|
|
- name: GHSA Vue
|
|
kind: ghsa-global
|
|
ecosystem: npm
|
|
name: GitHub Global Advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
- name: OSV Vue
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: vue
|
|
- ecosystem: npm
|
|
name: "@vue/compiler-sfc"
|
|
cpe_keys: []
|
|
ghsa_keywords: [vue, vue compiler]
|
|
kev_keywords: [vue]
|
|
output_dir: 07-framework-security/frameworks/vue
|
|
secure_code_topics: [xss-output-encoding, template-injection-guard, csp-trusted-types]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: nuxt
|
|
display_name: Nuxt
|
|
category: frameworks
|
|
tier: history-full
|
|
advisory_modes: [core]
|
|
official_sources:
|
|
- name: Nuxt Security
|
|
kind: html-links
|
|
url: https://github.com/nuxt/nuxt/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [nuxt]
|
|
max_items: 50
|
|
- name: GHSA Nuxt
|
|
kind: ghsa-global
|
|
ecosystem: npm
|
|
name: GitHub Global Advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
- name: OSV Nuxt
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: nuxt
|
|
cpe_keys: []
|
|
ghsa_keywords: [nuxt]
|
|
kev_keywords: [nuxt]
|
|
output_dir: 07-framework-security/frameworks/nuxt
|
|
secure_code_topics: [authz-server-side-recheck, proxy-trust-boundary, token-cookie-storage]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: vite
|
|
display_name: Vite
|
|
category: frameworks
|
|
tier: history-full
|
|
advisory_modes: [core, plugin]
|
|
official_sources:
|
|
- name: Vite Security
|
|
kind: html-links
|
|
url: https://github.com/vitejs/vite/security/advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
keywords: [vite]
|
|
max_items: 50
|
|
- name: GHSA Vite
|
|
kind: ghsa-global
|
|
ecosystem: npm
|
|
name: GitHub Global Advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
- name: OSV Vite
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: vite
|
|
cpe_keys: []
|
|
ghsa_keywords: [vite]
|
|
kev_keywords: [vite]
|
|
output_dir: 07-framework-security/frameworks/vite
|
|
secure_code_topics: [dependency-upgrade-policy, file-upload-validation, proxy-trust-boundary]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: angular
|
|
display_name: Angular
|
|
category: frameworks
|
|
tier: rolling-24m
|
|
advisory_modes: [core]
|
|
official_sources:
|
|
- name: GHSA Angular
|
|
kind: ghsa-global
|
|
ecosystem: npm
|
|
name: GitHub Global Advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
- name: OSV Angular
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: "@angular/core"
|
|
- ecosystem: npm
|
|
name: "@angular/compiler"
|
|
cpe_keys: []
|
|
ghsa_keywords: [angular]
|
|
kev_keywords: [angular]
|
|
output_dir: 07-framework-security/frameworks/angular
|
|
secure_code_topics: [xss-output-encoding, template-injection-guard, csp-trusted-types]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: sveltekit
|
|
display_name: SvelteKit
|
|
category: frameworks
|
|
tier: rolling-24m
|
|
advisory_modes: [core]
|
|
official_sources:
|
|
- name: GHSA SvelteKit
|
|
kind: ghsa-global
|
|
ecosystem: npm
|
|
name: GitHub Global Advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
- name: OSV SvelteKit
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: "@sveltejs/kit"
|
|
cpe_keys: []
|
|
ghsa_keywords: [sveltekit, svelte]
|
|
kev_keywords: [sveltekit]
|
|
output_dir: 07-framework-security/frameworks/sveltekit
|
|
secure_code_topics: [authz-server-side-recheck, token-cookie-storage]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: astro
|
|
display_name: Astro
|
|
category: frameworks
|
|
tier: rolling-24m
|
|
advisory_modes: [core]
|
|
official_sources:
|
|
- name: GHSA Astro
|
|
kind: ghsa-global
|
|
ecosystem: npm
|
|
name: GitHub Global Advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
- name: OSV Astro
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: astro
|
|
cpe_keys: []
|
|
ghsa_keywords: [astro]
|
|
kev_keywords: [astro]
|
|
output_dir: 07-framework-security/frameworks/astro
|
|
secure_code_topics: [authz-server-side-recheck, csp-trusted-types]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: express
|
|
display_name: Express
|
|
category: frameworks
|
|
tier: rolling-24m
|
|
advisory_modes: [core]
|
|
official_sources:
|
|
- name: GHSA Express
|
|
kind: ghsa-global
|
|
ecosystem: npm
|
|
name: GitHub Global Advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
- name: OSV Express
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: express
|
|
cpe_keys: []
|
|
ghsa_keywords: [express]
|
|
kev_keywords: [express]
|
|
output_dir: 07-framework-security/frameworks/express
|
|
secure_code_topics: [xss-output-encoding, ssrf-url-validation, proxy-trust-boundary]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: nestjs
|
|
display_name: NestJS
|
|
category: frameworks
|
|
tier: rolling-24m
|
|
advisory_modes: [core]
|
|
official_sources:
|
|
- name: GHSA NestJS
|
|
kind: ghsa-global
|
|
ecosystem: npm
|
|
name: GitHub Global Advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
- name: OSV NestJS
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: "@nestjs/core"
|
|
cpe_keys: []
|
|
ghsa_keywords: [nestjs]
|
|
kev_keywords: [nestjs]
|
|
output_dir: 07-framework-security/frameworks/nestjs
|
|
secure_code_topics: [authz-server-side-recheck, token-cookie-storage, ssrf-url-validation]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
- system_id: koa
|
|
display_name: Koa
|
|
category: frameworks
|
|
tier: rolling-24m
|
|
advisory_modes: [core]
|
|
official_sources:
|
|
- name: GHSA Koa
|
|
kind: ghsa-global
|
|
ecosystem: npm
|
|
name: GitHub Global Advisories
|
|
confidence: official
|
|
advisory_mode: core
|
|
- name: OSV Koa
|
|
kind: osv-batch
|
|
confidence: official
|
|
advisory_mode: core
|
|
ecosystem_sources: []
|
|
research_sources: []
|
|
package_names:
|
|
- ecosystem: npm
|
|
name: koa
|
|
cpe_keys: []
|
|
ghsa_keywords: [koa]
|
|
kev_keywords: [koa]
|
|
output_dir: 07-framework-security/frameworks/koa
|
|
secure_code_topics: [proxy-trust-boundary, ssrf-url-validation]
|
|
render_policy:
|
|
core_always_markdown: true
|
|
|
|
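# Fastify: tracked through one ghsa-global source (npm) and one osv-batch source.
- system_id: fastify
  display_name: Fastify
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: GHSA Fastify
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: npm
      confidence: official
      advisory_mode: core
    - name: OSV Fastify
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: npm
      name: fastify
  cpe_keys: []
  ghsa_keywords: [fastify]
  kev_keywords: [fastify]
  output_dir: 07-framework-security/frameworks/fastify
  secure_code_topics: [proxy-trust-boundary, ssrf-url-validation, xss-output-encoding]
  render_policy:
    core_always_markdown: true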
|
|
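# Hapi: tracked through one ghsa-global source (npm) and one osv-batch source.
- system_id: hapi
  display_name: Hapi
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: GHSA Hapi
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: npm
      confidence: official
      advisory_mode: core
    - name: OSV Hapi
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: npm
      # Quoted because a plain scalar cannot start with "@".
      name: "@hapi/hapi"
  cpe_keys: []
  ghsa_keywords: [hapi]
  kev_keywords: [hapi]
  output_dir: 07-framework-security/frameworks/hapi
  secure_code_topics: [proxy-trust-boundary, token-cookie-storage]
  render_policy:
    core_always_markdown: true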
|
|
# Node.js runtime: vendor security-release page plus the CISA KEV feed.
# No package coordinates are listed; matching relies on the CPE key and keywords.
- system_id: nodejs
  display_name: Node.js
  category: frameworks
  tier: history-full
  advisory_modes: [core]
  official_sources:
    - name: Node.js Security Releases
      kind: html-links
      url: https://nodejs.org/en/blog/vulnerability
      confidence: official
      advisory_mode: core
      keywords: [node.js, security]
      max_items: 60
    - name: CISA KEV Node.js
      kind: kev-json
      url: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
      confidence: official
      advisory_mode: core
      keywords: [node.js, nodejs]
  ecosystem_sources: []
  research_sources: []
  package_names: []
  cpe_keys: ["nodejs:node.js"]
  ghsa_keywords: [nodejs, node.js]
  kev_keywords: [nodejs, node.js]
  output_dir: 07-framework-security/frameworks/nodejs
  secure_code_topics:
    - ssrf-url-validation
    - request-smuggling-boundary
    - dependency-upgrade-policy
  render_policy:
    core_always_markdown: true
|
|
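# Undici: tracked through one ghsa-global source (npm) and one osv-batch source.
- system_id: undici
  display_name: Undici
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: GHSA Undici
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: npm
      confidence: official
      advisory_mode: core
    - name: OSV Undici
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: npm
      name: undici
  cpe_keys: []
  ghsa_keywords: [undici]
  kev_keywords: [undici]
  output_dir: 07-framework-security/frameworks/undici
  secure_code_topics: [ssrf-url-validation, proxy-trust-boundary]
  render_policy:
    core_always_markdown: true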
|
|
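# webpack: tracked through one ghsa-global source (npm) and one osv-batch source.
- system_id: webpack
  display_name: webpack
  category: frameworks
  tier: rolling-24m
  # NOTE(review): `plugin` is listed here, but every source below is tagged
  # advisory_mode: core and render_policy does not set
  # extension_markdown_on_high_value (the jenkins entry does). Confirm that
  # plugin/loader advisories are actually collected and rendered.
  advisory_modes: [core, plugin]
  official_sources:
    - name: GHSA webpack
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: npm
      confidence: official
      advisory_mode: core
    - name: OSV webpack
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: npm
      name: webpack
  cpe_keys: []
  ghsa_keywords: [webpack]
  kev_keywords: [webpack]
  output_dir: 07-framework-security/frameworks/webpack
  secure_code_topics: [dependency-upgrade-policy, file-upload-validation]
  render_policy:
    core_always_markdown: true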
|
|
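# esbuild: tracked through one ghsa-global source (npm) and one osv-batch source.
- system_id: esbuild
  display_name: esbuild
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: GHSA esbuild
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: npm
      confidence: official
      advisory_mode: core
    - name: OSV esbuild
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: npm
      name: esbuild
  cpe_keys: []
  ghsa_keywords: [esbuild]
  kev_keywords: [esbuild]
  output_dir: 07-framework-security/frameworks/esbuild
  secure_code_topics: [dependency-upgrade-policy, file-upload-validation]
  render_policy:
    core_always_markdown: true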
|
|
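# Spring Framework: vendor advisory page plus one ghsa-global source (maven).
- system_id: spring-framework
  display_name: Spring Framework
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: Spring Security Advisories
      kind: html-links
      url: https://spring.io/security
      confidence: official
      advisory_mode: core
      # NOTE(review): this URL is shared with the spring-security and
      # spring-boot entries. If keywords are OR-matched, `cve` would accept
      # every advisory on the page regardless of project. Confirm the matcher
      # or drop the generic term.
      keywords: [spring framework, cve]
      max_items: 50
    - name: GHSA Spring Framework
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: maven
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  # NOTE(review): no osv-batch source is configured for this system, unlike
  # the npm entries; if package_names only feeds OSV queries these coordinates
  # are unused. Confirm.
  package_names:
    - ecosystem: Maven
      name: org.springframework:spring-web
    - ecosystem: Maven
      name: org.springframework:spring-core
  cpe_keys: ["vmware:spring_framework"]
  ghsa_keywords: [spring framework]
  # NOTE(review): `spring` alone also describes other Spring projects; the
  # sibling entries use `spring security` / `spring boot`. Confirm this breadth
  # is intended for the KEV match.
  kev_keywords: [spring]
  output_dir: 07-framework-security/frameworks/spring-framework
  secure_code_topics: [authz-server-side-recheck, path-traversal-guard, deserialization-safety]
  render_policy:
    core_always_markdown: true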
|
|
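# Spring Security: vendor advisory page plus one ghsa-global source (maven).
- system_id: spring-security
  display_name: Spring Security
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: Spring Security Advisories
      kind: html-links
      url: https://spring.io/security
      confidence: official
      advisory_mode: core
      keywords: [spring security]
      max_items: 50
    - name: GHSA Spring Security
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: maven
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  # NOTE(review): no osv-batch source is configured for this system; if
  # package_names only feeds OSV queries this coordinate is unused. Confirm.
  package_names:
    - ecosystem: Maven
      name: org.springframework.security:spring-security-web
  cpe_keys: []
  ghsa_keywords: [spring security]
  kev_keywords: [spring security]
  output_dir: 07-framework-security/frameworks/spring-security
  secure_code_topics: [authz-server-side-recheck, token-cookie-storage, proxy-trust-boundary]
  render_policy:
    core_always_markdown: true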
|
|
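# Spring Boot: vendor advisory page plus one ghsa-global source (maven).
- system_id: spring-boot
  display_name: Spring Boot
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: Spring Security Advisories
      kind: html-links
      url: https://spring.io/security
      confidence: official
      advisory_mode: core
      keywords: [spring boot]
      max_items: 50
    - name: GHSA Spring Boot
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: maven
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  # NOTE(review): no osv-batch source is configured for this system; if
  # package_names only feeds OSV queries this coordinate is unused. Confirm.
  package_names:
    - ecosystem: Maven
      name: org.springframework.boot:spring-boot
  cpe_keys: []
  ghsa_keywords: [spring boot]
  kev_keywords: [spring boot]
  output_dir: 07-framework-security/frameworks/spring-boot
  secure_code_topics: [proxy-trust-boundary, authz-server-side-recheck]
  render_policy:
    core_always_markdown: true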
|
|
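# Laravel: tracked through one ghsa-global source (composer) and one osv-batch source.
- system_id: laravel
  display_name: Laravel
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: GHSA Laravel
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: composer
      confidence: official
      advisory_mode: core
    - name: OSV Laravel
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: Packagist
      name: laravel/framework
  cpe_keys: []
  ghsa_keywords: [laravel]
  kev_keywords: [laravel]
  output_dir: 07-framework-security/frameworks/laravel
  secure_code_topics: [xss-output-encoding, authz-server-side-recheck, file-upload-validation]
  render_policy:
    core_always_markdown: true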
|
|
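# Symfony: tracked through one ghsa-global source (composer) and one osv-batch source.
- system_id: symfony
  display_name: Symfony
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: GHSA Symfony
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: composer
      confidence: official
      advisory_mode: core
    - name: OSV Symfony
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: Packagist
      name: symfony/symfony
    - ecosystem: Packagist
      name: symfony/http-kernel
  cpe_keys: []
  ghsa_keywords: [symfony]
  kev_keywords: [symfony]
  output_dir: 07-framework-security/frameworks/symfony
  secure_code_topics: [xss-output-encoding, authz-server-side-recheck, path-traversal-guard]
  render_policy:
    core_always_markdown: true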
|
|
# Django: project security RSS feed plus one osv-batch source (PyPI package).
- system_id: django
  display_name: Django
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: Django Security RSS
      kind: rss-feed
      url: https://www.djangoproject.com/weblog/feeds/tags/security/
      confidence: official
      advisory_mode: core
      keywords: [django]
      max_items: 60
    - name: OSV Django
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: PyPI
      name: django
  cpe_keys: ["djangoproject:django"]
  ghsa_keywords: [django]
  kev_keywords: [django]
  output_dir: 07-framework-security/frameworks/django
  secure_code_topics:
    - xss-output-encoding
    - path-traversal-guard
    - file-upload-validation
  render_policy:
    core_always_markdown: true
|
|
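# Flask: tracked through one osv-batch source and one ghsa-global source (pip).
- system_id: flask
  display_name: Flask
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: OSV Flask
      kind: osv-batch
      confidence: official
      advisory_mode: core
    - name: GHSA Flask
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: pip
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: PyPI
      name: flask
  cpe_keys: []
  ghsa_keywords: [flask]
  kev_keywords: [flask]
  output_dir: 07-framework-security/frameworks/flask
  secure_code_topics: [xss-output-encoding, ssrf-url-validation, token-cookie-storage]
  render_policy:
    core_always_markdown: true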
|
|
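# Werkzeug: tracked through one osv-batch source and one ghsa-global source (pip).
- system_id: werkzeug
  display_name: Werkzeug
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: OSV Werkzeug
      kind: osv-batch
      confidence: official
      advisory_mode: core
    - name: GHSA Werkzeug
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: pip
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: PyPI
      name: werkzeug
  cpe_keys: []
  ghsa_keywords: [werkzeug]
  kev_keywords: [werkzeug]
  output_dir: 07-framework-security/frameworks/werkzeug
  secure_code_topics: [proxy-trust-boundary, request-smuggling-boundary]
  render_policy:
    core_always_markdown: true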
|
|
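# Ruby on Rails: one ghsa-global source (rubygems) and one osv-batch source.
- system_id: rails
  display_name: Ruby on Rails
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: GHSA Rails
      # NOTE(review): the listing repeated the key in this mapping as
      # `name: GitHub Global Advisories`. A duplicate key is rejected by strict
      # YAML loaders and silently overrides the label above in last-wins ones,
      # so only the per-system name is kept. Confirm that is the intended one.
      kind: ghsa-global
      ecosystem: rubygems
      confidence: official
      advisory_mode: core
    - name: OSV Rails
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  # NOTE(review): Rails advisories are usually filed against the component
  # gems (actionpack, activerecord, activesupport, actionview, ...) rather than
  # the `rails` meta-gem, so a package query on `rails` alone may miss most of
  # them. Confirm coverage before relying on this entry.
  package_names:
    - ecosystem: RubyGems
      name: rails
  cpe_keys: []
  ghsa_keywords: [rails]
  kev_keywords: [rails]
  output_dir: 07-framework-security/frameworks/rails
  secure_code_topics: [xss-output-encoding, file-upload-validation, authz-server-side-recheck]
  render_policy:
    core_always_markdown: true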
|
|
# ASP.NET Core: a single nvd-search source; no package coordinates are listed.
- system_id: aspnet-core
  display_name: ASP.NET Core
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: NVD ASP.NET Core
      kind: nvd-search
      keyword: ASP.NET Core
      confidence: official
      advisory_mode: core
      results_per_page: 40
  ecosystem_sources: []
  research_sources: []
  package_names: []
  cpe_keys: ["microsoft:asp.net_core"]
  ghsa_keywords: [asp.net core]
  kev_keywords: [asp.net core]
  output_dir: 07-framework-security/frameworks/aspnet-core
  secure_code_topics:
    - authz-server-side-recheck
    - xss-output-encoding
    - file-upload-validation
  render_policy:
    core_always_markdown: true
|
|
# Gin: a single osv-batch source keyed on the Go module path below.
- system_id: gin
  display_name: Gin
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: OSV Gin
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: Go
      name: github.com/gin-gonic/gin
  cpe_keys: []
  # NOTE(review): `gin` is a substring of "nginx", "plugin", "login" and
  # "engine". If keyword matching is substring-based, unrelated GHSA/KEV
  # entries will land in the Gin feed. Confirm the matcher works on whole
  # tokens, or tighten the term (e.g. gin-gonic).
  ghsa_keywords: [gin]
  kev_keywords: [gin]
  output_dir: 07-framework-security/frameworks/gin
  secure_code_topics:
    - proxy-trust-boundary
    - xss-output-encoding
  render_policy:
    core_always_markdown: true
|
|
# Echo: a single osv-batch source keyed on the Go module path below.
- system_id: echo
  display_name: Echo
  category: frameworks
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: OSV Echo
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: Go
      # NOTE(review): Go major versions are distinct module paths, so
      # advisories recorded against another major of Echo will not match
      # `/v4`. Confirm only v4 is in scope.
      name: github.com/labstack/echo/v4
  cpe_keys: []
  # NOTE(review): `echo` is a common word (shell command, "echo request",
  # product names). Confirm the keyword matcher will not pull unrelated
  # GHSA/KEV entries, or tighten the term (e.g. labstack).
  ghsa_keywords: [echo]
  kev_keywords: [echo]
  output_dir: 07-framework-security/frameworks/echo
  secure_code_topics:
    - proxy-trust-boundary
    - token-cookie-storage
  render_policy:
    core_always_markdown: true
|
|
# Nginx: vendor advisory page, an nvd-search source and the CISA KEV feed.
- system_id: nginx
  display_name: Nginx
  category: servers
  tier: history-full
  advisory_modes: [server]
  official_sources:
    - name: NGINX Security Advisories
      kind: html-links
      url: https://nginx.org/en/security_advisories.html
      confidence: official
      advisory_mode: server
      keywords: [nginx, security]
      max_items: 60
    - name: NVD NGINX
      kind: nvd-search
      keyword: NGINX
      confidence: official
      advisory_mode: server
      results_per_page: 50
    - name: CISA KEV NGINX
      kind: kev-json
      url: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
      confidence: official
      advisory_mode: server
      keywords: [nginx]
  ecosystem_sources: []
  research_sources: []
  package_names: []
  # Two vendor prefixes are listed for the same product.
  cpe_keys: ["f5:nginx", "nginx:nginx"]
  ghsa_keywords: [nginx]
  kev_keywords: [nginx]
  output_dir: 07-framework-security/servers/nginx
  secure_code_topics:
    - proxy-trust-boundary
    - request-smuggling-boundary
    - csp-trusted-types
  render_policy:
    core_always_markdown: true
|
|
# Apache HTTP Server: vendor vulnerability page, the CISA KEV feed and an
# nvd-search source.
- system_id: apache-httpd
  display_name: Apache HTTP Server
  category: servers
  tier: history-full
  advisory_modes: [server]
  official_sources:
    - name: Apache HTTPD Security
      kind: html-links
      # NOTE(review): this page covers the 2.4 release line only, while the
      # tier is history-full. Older lines are published on separate pages;
      # confirm the NVD source below is meant to cover that history.
      url: https://httpd.apache.org/security/vulnerabilities_24.html
      confidence: official
      advisory_mode: server
      keywords: [apache, http server, cve]
      max_items: 80
    - name: CISA KEV Apache HTTPD
      kind: kev-json
      url: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
      confidence: official
      advisory_mode: server
      keywords: [apache http server]
    - name: NVD Apache HTTP Server
      kind: nvd-search
      keyword: Apache HTTP Server
      confidence: official
      advisory_mode: server
      results_per_page: 50
  ecosystem_sources: []
  research_sources: []
  package_names: []
  cpe_keys: ["apache:http_server"]
  ghsa_keywords: [apache http server, httpd]
  kev_keywords: [apache http server, httpd]
  output_dir: 07-framework-security/servers/apache-httpd
  secure_code_topics:
    - request-smuggling-boundary
    - proxy-trust-boundary
    - path-traversal-guard
  render_policy:
    core_always_markdown: true
|
|
# Apache Tomcat: vendor security page, the CISA KEV feed and an nvd-search source.
- system_id: apache-tomcat
  display_name: Apache Tomcat
  category: servers
  tier: history-full
  advisory_modes: [server]
  official_sources:
    - name: Apache Tomcat Security
      kind: html-links
      # NOTE(review): security-10.html lists fixes for the Tomcat 10 line only,
      # while the tier is history-full. Other supported lines have their own
      # pages (e.g. security-9.html, security-11.html); confirm whether they
      # should be added or whether the NVD source is the intended catch-all.
      url: https://tomcat.apache.org/security-10.html
      confidence: official
      advisory_mode: server
      keywords: [tomcat, cve]
      max_items: 80
    - name: CISA KEV Tomcat
      kind: kev-json
      url: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
      confidence: official
      advisory_mode: server
      keywords: [tomcat]
    - name: NVD Tomcat
      kind: nvd-search
      keyword: Apache Tomcat
      confidence: official
      advisory_mode: server
      results_per_page: 50
  ecosystem_sources: []
  research_sources: []
  package_names: []
  cpe_keys: ["apache:tomcat"]
  ghsa_keywords: [tomcat]
  kev_keywords: [tomcat]
  output_dir: 07-framework-security/servers/apache-tomcat
  secure_code_topics:
    - request-smuggling-boundary
    - authz-server-side-recheck
    - path-traversal-guard
  render_policy:
    core_always_markdown: true
|
|
# Caddy: the project's GitHub advisory page plus one osv-batch source.
- system_id: caddy
  display_name: Caddy
  category: servers
  tier: rolling-24m
  advisory_modes: [server]
  official_sources:
    - name: GitHub Caddy Advisories
      kind: html-links
      url: https://github.com/caddyserver/caddy/security/advisories
      confidence: official
      advisory_mode: server
      keywords: [caddy]
      max_items: 50
    - name: OSV Caddy
      kind: osv-batch
      confidence: official
      advisory_mode: server
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: Go
      name: github.com/caddyserver/caddy/v2
  cpe_keys: []
  ghsa_keywords: [caddy]
  kev_keywords: [caddy]
  output_dir: 07-framework-security/servers/caddy
  secure_code_topics:
    - proxy-trust-boundary
    - request-smuggling-boundary
  render_policy:
    core_always_markdown: true
|
|
# Traefik: the project's GitHub advisory page plus one osv-batch source.
- system_id: traefik
  display_name: Traefik
  category: servers
  tier: rolling-24m
  advisory_modes: [server]
  official_sources:
    - name: GitHub Traefik Advisories
      kind: html-links
      url: https://github.com/traefik/traefik/security/advisories
      confidence: official
      advisory_mode: server
      keywords: [traefik]
      max_items: 50
    - name: OSV Traefik
      kind: osv-batch
      confidence: official
      advisory_mode: server
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: Go
      # NOTE(review): Go major versions are distinct module paths, so
      # advisories recorded against github.com/traefik/traefik/v2 will not
      # match `/v3`. Confirm v2 deployments are out of scope, or list both.
      name: github.com/traefik/traefik/v3
  cpe_keys: []
  ghsa_keywords: [traefik]
  kev_keywords: [traefik]
  output_dir: 07-framework-security/servers/traefik
  secure_code_topics:
    - proxy-trust-boundary
    - request-smuggling-boundary
  render_policy:
    core_always_markdown: true
|
|
# HAProxy: vendor security page plus an nvd-search source.
- system_id: haproxy
  display_name: HAProxy
  category: servers
  tier: rolling-24m
  advisory_modes: [server]
  official_sources:
    - name: HAProxy Security Advisories
      kind: html-links
      url: https://www.haproxy.org/security/
      confidence: official
      advisory_mode: server
      keywords: [haproxy, security]
      max_items: 50
    - name: NVD HAProxy
      kind: nvd-search
      keyword: HAProxy
      confidence: official
      advisory_mode: server
      results_per_page: 40
  ecosystem_sources: []
  research_sources: []
  package_names: []
  cpe_keys: ["haproxy:haproxy"]
  ghsa_keywords: [haproxy]
  kev_keywords: [haproxy]
  output_dir: 07-framework-security/servers/haproxy
  secure_code_topics:
    - proxy-trust-boundary
    - request-smuggling-boundary
  render_policy:
    core_always_markdown: true
|
|
# phpMyAdmin: vendor security page plus an nvd-search source.
- system_id: phpmyadmin
  display_name: phpMyAdmin
  category: platforms
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: phpMyAdmin Security Page
      kind: html-links
      url: https://www.phpmyadmin.net/security/
      confidence: official
      advisory_mode: core
      keywords: [phpmyadmin]
      max_items: 50
    - name: NVD phpMyAdmin
      kind: nvd-search
      keyword: phpMyAdmin
      confidence: official
      advisory_mode: core
      results_per_page: 40
  ecosystem_sources: []
  research_sources: []
  # NOTE(review): a Packagist coordinate is listed but no osv-batch source is
  # configured here; if package_names only feeds OSV queries it is unused.
  # Confirm.
  package_names:
    - ecosystem: Packagist
      name: phpmyadmin/phpmyadmin
  cpe_keys: ["phpmyadmin:phpmyadmin"]
  ghsa_keywords: [phpmyadmin]
  kev_keywords: [phpmyadmin]
  output_dir: 07-framework-security/platforms/phpmyadmin
  secure_code_topics:
    - xss-output-encoding
    - authz-server-side-recheck
    - path-traversal-guard
  render_policy:
    core_always_markdown: true
|
|
# Adminer: a single nvd-search source; no package coordinates are listed.
- system_id: adminer
  display_name: Adminer
  category: platforms
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: NVD Adminer
      kind: nvd-search
      keyword: Adminer
      confidence: official
      advisory_mode: core
      results_per_page: 40
  ecosystem_sources: []
  research_sources: []
  package_names: []
  cpe_keys: ["adminer:adminer"]
  ghsa_keywords: [adminer]
  kev_keywords: [adminer]
  output_dir: 07-framework-security/platforms/adminer
  secure_code_topics:
    - xss-output-encoding
    - authz-server-side-recheck
  render_policy:
    core_always_markdown: true
|
|
# Gitea: the project's GitHub advisory page plus one osv-batch source.
- system_id: gitea
  display_name: Gitea
  category: platforms
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: GitHub Gitea Advisories
      kind: html-links
      url: https://github.com/go-gitea/gitea/security/advisories
      confidence: official
      advisory_mode: core
      keywords: [gitea]
      max_items: 50
    - name: OSV Gitea
      kind: osv-batch
      confidence: official
      advisory_mode: core
  ecosystem_sources: []
  research_sources: []
  package_names:
    - ecosystem: Go
      name: code.gitea.io/gitea
  cpe_keys: []
  ghsa_keywords: [gitea]
  kev_keywords: [gitea]
  output_dir: 07-framework-security/platforms/gitea
  secure_code_topics:
    - authz-server-side-recheck
    - token-cookie-storage
    - proxy-trust-boundary
  render_policy:
    core_always_markdown: true
|
|
# GitLab CE: vendor release listing and an nvd-search source as official
# sources, plus the community advisory database as an ecosystem source.
- system_id: gitlab-ce
  display_name: GitLab CE
  category: platforms
  tier: rolling-24m
  advisory_modes: [core]
  official_sources:
    - name: GitLab Security Releases
      kind: html-links
      url: https://about.gitlab.com/releases/categories/releases/
      confidence: official
      advisory_mode: core
      keywords: [security release, gitlab]
      max_items: 50
    - name: NVD GitLab
      kind: nvd-search
      keyword: GitLab CE
      confidence: official
      advisory_mode: core
      results_per_page: 40
  # The only entry in this listing with a non-empty ecosystem_sources list;
  # note the lower confidence label compared with the sources above.
  ecosystem_sources:
    - name: GitLab Advisory Database
      kind: html-links
      url: https://gitlab.com/gitlab-org/advisories-community
      confidence: ecosystem-authority
      advisory_mode: core
      keywords: [gitlab]
      max_items: 50
  research_sources: []
  package_names: []
  cpe_keys: ["gitlab:gitlab"]
  ghsa_keywords: [gitlab]
  kev_keywords: [gitlab]
  output_dir: 07-framework-security/platforms/gitlab-ce
  secure_code_topics:
    - authz-server-side-recheck
    - token-cookie-storage
    - deserialization-safety
  render_policy:
    core_always_markdown: true
|
|
# Jenkins: vendor advisory page plus an nvd-search source.
- system_id: jenkins
  display_name: Jenkins
  category: platforms
  tier: rolling-24m
  # NOTE(review): `plugin` is listed, but both sources below are tagged
  # advisory_mode: core. Confirm where plugin advisories are classified.
  advisory_modes: [core, plugin]
  official_sources:
    - name: Jenkins Security Advisories
      kind: html-links
      url: https://www.jenkins.io/security/advisories/
      confidence: official
      advisory_mode: core
      keywords: [jenkins]
      max_items: 60
    - name: NVD Jenkins
      kind: nvd-search
      keyword: Jenkins
      confidence: official
      advisory_mode: core
      results_per_page: 40
  ecosystem_sources: []
  research_sources: []
  package_names: []
  cpe_keys: ["jenkins:jenkins"]
  ghsa_keywords: [jenkins]
  kev_keywords: [jenkins]
  output_dir: 07-framework-security/platforms/jenkins
  secure_code_topics:
    - plugin-extension-trust-policy
    - authz-server-side-recheck
    - deserialization-safety
  render_policy:
    core_always_markdown: true
    # Set only on this entry within the visible part of the listing.
    extension_markdown_on_high_value: true
|
|
# Grafana: vendor advisory page plus the CISA KEV feed.
- system_id: grafana
  display_name: Grafana
  category: platforms
  tier: rolling-24m
  # NOTE(review): `plugin` is listed, but every source below is tagged
  # advisory_mode: core and render_policy does not set
  # extension_markdown_on_high_value (the jenkins entry does). Confirm that
  # plugin advisories are actually collected and rendered.
  advisory_modes: [core, plugin]
  official_sources:
    - name: Grafana Security Advisories
      kind: html-links
      url: https://grafana.com/security/security-advisories/
      confidence: official
      advisory_mode: core
      keywords: [grafana]
      max_items: 60
    - name: CISA KEV Grafana
      kind: kev-json
      url: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
      confidence: official
      advisory_mode: core
      keywords: [grafana]
  ecosystem_sources: []
  research_sources: []
  package_names: []
  cpe_keys: ["grafana:grafana"]
  ghsa_keywords: [grafana]
  kev_keywords: [grafana]
  output_dir: 07-framework-security/platforms/grafana
  secure_code_topics:
    - authz-server-side-recheck
    - plugin-extension-trust-policy
    - xss-output-encoding
  render_policy:
    core_always_markdown: true
|
|
# Kibana: Elastic's security-announcement forum category plus an nvd-search source.
- system_id: kibana
  display_name: Kibana
  category: platforms
  tier: rolling-24m
  # NOTE(review): `plugin` is listed, but every source below is tagged
  # advisory_mode: core and render_policy does not set
  # extension_markdown_on_high_value (the jenkins entry does). Confirm that
  # plugin advisories are actually collected and rendered.
  advisory_modes: [core, plugin]
  official_sources:
    - name: Elastic Security Announcements
      kind: html-links
      url: https://discuss.elastic.co/c/announcements/security-announcements/31
      confidence: official
      advisory_mode: core
      # NOTE(review): the category is shared by all Elastic products. If
      # keywords are OR-matched, `elastic` and `security` accept nearly every
      # post, not just Kibana ones. Confirm the matcher or keep only `kibana`.
      keywords: [kibana, elastic, security]
      max_items: 60
    - name: NVD Kibana
      kind: nvd-search
      keyword: Kibana
      confidence: official
      advisory_mode: core
      results_per_page: 40
  ecosystem_sources: []
  research_sources: []
  package_names: []
  cpe_keys: ["elastic:kibana"]
  ghsa_keywords: [kibana]
  kev_keywords: [kibana]
  output_dir: 07-framework-security/platforms/kibana
  secure_code_topics:
    - authz-server-side-recheck
    - xss-output-encoding
    - proxy-trust-boundary
  render_policy:
    core_always_markdown: true
|
|
# Mattermost: vendor security-updates page plus an nvd-search source.
- system_id: mattermost
  display_name: Mattermost
  category: platforms
  tier: rolling-24m
  # NOTE(review): `plugin` is listed, but every source below is tagged
  # advisory_mode: core and render_policy does not set
  # extension_markdown_on_high_value (the jenkins entry does). Confirm that
  # plugin advisories are actually collected and rendered.
  advisory_modes: [core, plugin]
  official_sources:
    - name: Mattermost Security Updates
      kind: html-links
      url: https://mattermost.com/security-updates/
      confidence: official
      advisory_mode: core
      keywords: [mattermost]
      max_items: 50
    - name: NVD Mattermost
      kind: nvd-search
      keyword: Mattermost
      confidence: official
      advisory_mode: core
      results_per_page: 40
  ecosystem_sources: []
  research_sources: []
  package_names: []
  cpe_keys: ["mattermost:mattermost"]
  ghsa_keywords: [mattermost]
  kev_keywords: [mattermost]
  output_dir: 07-framework-security/platforms/mattermost
  secure_code_topics:
    - authz-server-side-recheck
    - xss-output-encoding
    - token-cookie-storage
  render_policy:
    core_always_markdown: true
|
|
# Redmine: project wiki advisory page plus an nvd-search source.
- system_id: redmine
  display_name: Redmine
  category: platforms
  tier: rolling-24m
  # NOTE(review): `plugin` is listed, but every source below is tagged
  # advisory_mode: core and render_policy does not set
  # extension_markdown_on_high_value (the jenkins entry does). Confirm that
  # plugin advisories are actually collected and rendered.
  advisory_modes: [core, plugin]
  official_sources:
    - name: Redmine Security Advisories
      kind: html-links
      url: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
      confidence: official
      advisory_mode: core
      keywords: [redmine]
      max_items: 50
    - name: NVD Redmine
      kind: nvd-search
      keyword: Redmine
      confidence: official
      advisory_mode: core
      results_per_page: 40
  ecosystem_sources: []
  research_sources: []
  # NOTE(review): a RubyGems coordinate is listed but no osv-batch source is
  # configured here; if package_names only feeds OSV queries it is unused.
  # Confirm, and verify that this gem name really identifies the Redmine
  # application.
  package_names:
    - ecosystem: RubyGems
      name: redmine
  cpe_keys: ["redmine:redmine"]
  ghsa_keywords: [redmine]
  kev_keywords: [redmine]
  output_dir: 07-framework-security/platforms/redmine
  secure_code_topics:
    - authz-server-side-recheck
    - xss-output-encoding
    - plugin-extension-trust-policy
  render_policy:
    core_always_markdown: true
</pre>
|
|
</div>
|
|
</main>
|
|
</body>
|
|
</html>
|