@blamejs/exceptd-skills 0.13.18 → 0.13.20
- package/CHANGELOG.md +79 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +14 -0
- package/data/_indexes/frequency.json +1 -0
- package/data/attack-techniques.json +2600 -109
- package/data/cve-catalog.json +147 -2678
- package/data/cwe-catalog.json +60 -1
- package/data/framework-control-gaps.json +252 -84
- package/data/rfc-references.json +286 -125
- package/data/zeroday-lessons.json +17 -2909
- package/lib/canonical-eq.js +88 -0
- package/lib/cve-regression-watcher.js +130 -9
- package/lib/source-advisories.js +9 -34
- package/lib/version-pins.js +73 -0
- package/lib/xml-tokenizer.js +344 -0
- package/manifest.json +44 -44
- package/package.json +6 -2
- package/sbom.cdx.json +108 -33
- package/scripts/audit-catalog-gaps.js +347 -0
- package/scripts/check-test-coverage.js +16 -10
- package/scripts/refresh-mitre-ics-attack.js +15 -0
- package/scripts/refresh-upstream-catalogs.js +171 -54
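--- a/package/data/cwe-catalog.json
+++ b/package/data/cwe-catalog.json
@@ -142,6 +142,7 @@
 "CVE-2025-29635",
 "CVE-2025-4008",
 "CVE-2025-53773",
+"CVE-2025-55319",
 "CVE-2025-59689",
 "CVE-2026-22719",
 "MAL-2026-3083"
@@ -366,6 +367,7 @@
 "CVE-2026-1281",
 "CVE-2026-1340",
 "CVE-2026-20045",
+"CVE-2026-30615",
 "CVE-2026-33017",
 "CVE-2026-34197",
 "CVE-2026-6973",
@@ -470,6 +472,7 @@
 "webapp-security"
 ],
 "evidence_cves": [
+"CVE-2024-40635",
 "CVE-2025-31125",
 "CVE-2026-20133",
 "CVE-2026-20805"
@@ -569,6 +572,7 @@
 "evidence_cves": [
 "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
 "CVE-2021-43226",
+"CVE-2024-21626",
 "CVE-2024-8068",
 "CVE-2025-48543",
 "CVE-2025-48572",
@@ -657,6 +661,7 @@
 "CVE-2020-10148",
 "CVE-2021-32030",
 "CVE-2023-27351",
+"CVE-2024-1709",
 "CVE-2025-32975",
 "CVE-2025-3935",
 "CVE-2025-49706",
@@ -1129,6 +1134,8 @@
 "CVE-2025-27038",
 "CVE-2025-32701",
 "CVE-2025-32709",
+"CVE-2025-43529",
+"CVE-2025-49844",
 "CVE-2025-62221",
 "CVE-2026-2441",
 "CVE-2026-5281"
@@ -1278,6 +1285,7 @@
 "CVE-2025-53690",
 "CVE-2025-53770",
 "CVE-2025-59287",
+"CVE-2025-68664",
 "CVE-2026-20131",
 "CVE-2026-20963"
 ],
@@ -1312,6 +1320,7 @@
 "CVE-2025-54313",
 "CVE-2025-59374",
 "CVE-2026-33634",
+"CVE-2026-45321",
 "MAL-2026-3083",
 "MAL-2026-NODE-IPC-STEALER",
 "MAL-2026-SHAI-HULUD-OSS",
@@ -1546,12 +1555,15 @@
 "CVE-2023-3519",
 "CVE-2024-21762",
 "CVE-2024-37079",
+"CVE-2025-14174",
 "CVE-2025-14733",
 "CVE-2025-21042",
 "CVE-2025-21043",
 "CVE-2025-5419",
+"CVE-2025-6965",
 "CVE-2025-9242",
 "CVE-2026-0300",
+"CVE-2026-22778",
 "CVE-2026-3909",
 "CVE-2026-42945",
 "CVE-2026-43500",
@@ -1888,6 +1900,8 @@
 ],
 "evidence_cves": [
 "CVE-2024-3094",
+"CVE-2026-30615",
+"CVE-2026-45321",
 "MAL-2026-NODE-IPC-STEALER"
 ],
 "framework_controls_partially_addressing": [
@@ -1921,6 +1935,26 @@
 "supply-chain-integrity"
 ],
 "evidence_cves": [
+"CVE-2025-0133",
+"CVE-2025-10725",
+"CVE-2025-1094",
+"CVE-2025-14847",
+"CVE-2025-21085",
+"CVE-2025-22224",
+"CVE-2025-22225",
+"CVE-2025-22226",
+"CVE-2025-24201",
+"CVE-2025-38352",
+"CVE-2025-43300",
+"CVE-2025-53767",
+"CVE-2025-55241",
+"CVE-2025-59529",
+"CVE-2025-8671",
+"CVE-2026-7482",
+"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
+"MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP",
+"MAL-2025-PYPI-COLORAMA-SOLANA-STEALER",
+"MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER",
 "MAL-2026-TANSTACK-MINI"
 ],
 "framework_controls_partially_addressing": [
@@ -2172,8 +2206,10 @@
 "related_weaknesses": [],
 "evidence_cves": [
 "CVE-2014-3931",
+"CVE-2025-14174",
 "CVE-2025-31277",
 "CVE-2025-6543",
+"CVE-2025-6965",
 "CVE-2025-7775",
 "CVE-2026-20700",
 "CVE-2026-3910"
@@ -2334,6 +2370,7 @@
 ],
 "related_weaknesses": [],
 "evidence_cves": [
+"CVE-2024-1709",
 "CVE-2025-2746",
 "CVE-2025-2747",
 "CVE-2025-34026",
@@ -2535,8 +2572,10 @@
 ],
 "related_weaknesses": [],
 "evidence_cves": [
+"CVE-2025-10585",
 "CVE-2025-13223",
 "CVE-2025-30397",
+"CVE-2025-4919",
 "CVE-2025-6554",
 "CVE-2026-21519"
 ],
@@ -2672,7 +2711,8 @@
 ],
 "related_weaknesses": [],
 "evidence_cves": [
-"CVE-2025-32706"
+"CVE-2025-32706",
+"CVE-2026-22778"
 ],
 "last_verified": "2026-05-18",
 "notes": "Added v0.13.17 KEV bulk-import round 2."
@@ -4197,5 +4237,24 @@
 "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
 "_auto_imported": true,
 "_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
+},
+"CWE-668": {
+"id": "CWE-668",
+"name": "Exposure of Resource to Wrong Sphere",
+"abstraction": "Class",
+"category": "Access Control",
+"description": "The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Bulk-cited in container-escape CVEs (runc / CRI-O / containerd). MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/668.html.",
+"top_25_rank_2024": null,
+"top_25_rank_2025": null,
+"view_memberships": [
+"CWE-1000",
+"CWE-2000"
+],
+"related_weaknesses": [],
+"evidence_cves": [
+"CVE-2024-21626"
+],
+"last_verified": "2026-05-19",
+"notes": "Added v0.13.19 to back the runc /proc/self/fd container-escape (CVE-2024-21626) cwe_refs entry."
 }
 }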
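Review bot: `last_verified` and `notes` are left unchanged in the `@@ -2672,7 +2711,8 @@` hunk even though `CVE-2026-22778` is added to that entry's `evidence_cves`, so the entry still reads `"last_verified": "2026-05-18"` and `Added v0.13.17 KEV bulk-import round 2.` for evidence that arrived later. Any entry whose evidence list changes should get a refreshed `"last_verified": "<date of re-check>"` and a `notes` suffix naming the release that added the id, as the new `CWE-668` entry does. The other hunks that touch only `evidence_cves` likely have the same gap, but their metadata fields lie outside the visible context. The clearest case is `@@ -1921,6 +1935,26 @@`, which adds 20 ids (four of them `MAL-*`) to a single entry whose id is not shown. A batch that broad looks like a bulk mapping, so each id is worth checking against the CWE assigned in its own advisory record before consumers treat it as evidence for this weakness.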