Avala
Security
All advisories
informationalBootstrapMeta

Portal bootstrap (first advisory scaffold)

Seed advisory that verifies the MDX rendering pipeline. Gets replaced by the first real disclosure once the CNA workflow is live.

Avala Security TeamPublished Apr 20, 20261 min read
Share
Portal bootstrap (first advisory scaffold)
Affected
security.avala.ai

Highlights

  • Verifies the MDX → React advisory rendering pipeline.
  • Documents the frontmatter schema so the next advisory drops in without guesswork.
  • Replaced by the first externally-reported high- or critical-severity finding.

Placeholder advisory. Exists so the /advisories route renders before the first real disclosure ships, and so the MDX pipeline is exercised in CI and on staging.

Background

Every closed-and-disclosed finding at Avala publishes as a structured advisory here. The format lives at security/content/advisories/ in the monorepo: one MDX document per advisory with strict frontmatter. See the README next to this file for the schema.

Technical details

Describe the bug in one paragraph. Explain what an attacker could do and who's affected. Name the root cause (code, config, or process). Name the fix (what changed, when it deployed, any follow-ups). Give the timeline (report → triage → fix → disclosure). Credit the researcher, linked to their hall-of-fame entry if they opted in.

Timeline

DateEvent
2026-04-18Security portal goes live
2026-04-20First advisory template published (this file)

Credit

Bootstrapped by the Avala Security team. The next advisory credits the first external researcher who lands a valid high- or critical-severity finding.

Submit a report. Rewards up to $5,000, plus a slot here.

Found something similar? Help us find the next one.

All advisoriesSubmit a report