| version: 1 | |
| exceptions: | |
| - package: xlsx | |
| advisory: "GHSA-4r6h-8v6p-xvw6" | |
| severity: high | |
| reason: "Admin export only; switched to dynamic import to reduce exposure (CVE-2023-30533)" | |
| mitigation: "Load only on export; restrict export permissions and data scope" | |
| expires_on: "2026-04-05" | |
| owner: "security@your-domain" | |
| - package: xlsx | |
| advisory: "GHSA-5pgg-2g8v-p4x9" | |
| severity: high | |
| reason: "Admin export only; switched to dynamic import to reduce exposure (CVE-2024-22363)" | |
| mitigation: "Load only on export; restrict export permissions and data scope" | |
| expires_on: "2026-04-05" | |
| owner: "security@your-domain" | |