chore: update security scan results

    - Updated scan data from workflow run 16
    - Scan mode: git-only
    - Total scanned: 47
    - Total vulnerabilities: 272

Author: actions-user

data/master-bfe5caf58f.json

@@ -1,7 +1,7 @@
 {
   "release_version": "master-bfe5caf58f",
-  "scan_date": "2025-07-22T00:27:47.082727Z",
-  "tool_version": "0.20.1",
+  "scan_date": "2025-07-23T00:27:29.906473Z",
+  "tool_version": "0.21.0",
   "total_components": 0,
   "vulnerabilities": [
     {

data/release_v5.0-d9f9b7d8ed.json

@@ -1,7 +1,7 @@
 {
   "release_version": "release/v5.0-d9f9b7d8ed",
-  "scan_date": "2025-07-22T00:26:59.794376Z",
-  "tool_version": "0.20.1",
+  "scan_date": "2025-07-23T00:27:13.836746Z",
+  "tool_version": "0.21.0",
   "total_components": 0,
   "vulnerabilities": [
     {

data/release_v5.1-83f5d0eefc.json

@@ -1,7 +1,7 @@
 {
   "release_version": "release/v5.1-83f5d0eefc",
-  "scan_date": "2025-07-22T00:27:39.041259Z",
-  "tool_version": "0.20.1",
+  "scan_date": "2025-07-23T00:27:06.661391Z",
+  "tool_version": "0.21.0",
   "total_components": 0,
   "vulnerabilities": [],
   "summary": {

data/release_v5.2-1a4fd9b80b.json

@@ -1,7 +1,7 @@
 {
   "release_version": "release/v5.2-1a4fd9b80b",
-  "scan_date": "2025-07-22T00:27:15.958304Z",
-  "tool_version": "0.20.1",
+  "scan_date": "2025-07-23T00:26:51.510905Z",
+  "tool_version": "0.21.0",
   "total_components": 0,
   "vulnerabilities": [],
   "summary": {

data/release_v5.3-bf79937908.json

@@ -1,7 +1,7 @@
 {
   "release_version": "release/v5.3-bf79937908",
-  "scan_date": "2025-07-22T00:27:31.930641Z",
-  "tool_version": "0.20.1",
+  "scan_date": "2025-07-23T00:26:44.237174Z",
+  "tool_version": "0.21.0",
   "total_components": 0,
   "vulnerabilities": [
     {

data/release_v5.4-f10ac3eec2.json

@@ -1,7 +1,7 @@
 {
   "release_version": "release/v5.4-f10ac3eec2",
-  "scan_date": "2025-07-22T00:27:08.446635Z",
-  "tool_version": "0.20.1",
+  "scan_date": "2025-07-23T00:26:59.138301Z",
+  "tool_version": "0.21.0",
   "total_components": 0,
   "vulnerabilities": [
     {

data/release_v5.5-b66b5448e0.json

@@ -0,0 +1,52 @@
+{
+  "release_version": "release/v5.5-b66b5448e0",
+  "scan_date": "2025-07-23T00:27:22.627274Z",
+  "tool_version": "0.21.0",
+  "total_components": 0,
+  "vulnerabilities": [
+    {
+      "cve_id": "CVE-2025-49600",
+      "component": "mbed_tls",
+      "component_version": "3.6.3",
+      "severity": "MEDIUM",
+      "score": "4.9",
+      "vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
+      "description": "In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault scenario. Specifically, unchecked return values in mbedtls_lms_verify allow an attacker (who can induce a hardware hash accelerator fault) to bypass LMS signature verification by reusing stale stack data, resulting in acceptance of an invalid signature. In mbedtls_lms_verify, the return values of the internal Merkle tree functions create_merkle_leaf_value and create_merkle_internal_value are not checked. These functions return an integer that indicates whether the call succeeded or not. If a failure occurs, the output buffer (Tc_candidate_root_node) may remain uninitialized, and the result of the signature verification is unpredictable. When the software implementation of SHA-256 is used, these functions will not fail. However, with hardware-accelerated hashing, an attacker could use fault injection against the accelerator to bypass verification.",
+      "link": "https://nvd.nist.gov/vuln/detail/CVE-2025-49600"
+    },
+    {
+      "cve_id": "CVE-2025-49601",
+      "component": "mbed_tls",
+      "component_version": "3.6.3",
+      "severity": "MEDIUM",
+      "score": "4.8",
+      "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
+      "description": "In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtls_lms_import_public_key allows context-dependent attackers to trigger a crash or limited adjacent-memory disclosure by supplying a truncated LMS (Leighton-Micali Signature) public-key buffer under four bytes. An LMS public key starts with a 4-byte type indicator. The function mbedtls_lms_import_public_key reads this type indicator before validating the size of its input.",
+      "link": "https://nvd.nist.gov/vuln/detail/CVE-2025-49601"
+    },
+    {
+      "cve_id": "CVE-2025-52497",
+      "component": "mbed_tls",
+      "component_version": "3.6.3",
+      "severity": "MEDIUM",
+      "score": "4.8",
+      "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
+      "description": "Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.",
+      "link": "https://nvd.nist.gov/vuln/detail/CVE-2025-52497"
+    }
+  ],
+  "summary": {
+    "total_vulnerabilities": 3,
+    "by_severity": {
+      "CRITICAL": 0,
+      "HIGH": 0,
+      "MEDIUM": 3,
+      "LOW": 0
+    }
+  },
+  "metadata": {
+    "scanner": "esp-idf-security-dashboard",
+    "scan_method": "git-release-branch",
+    "docker_image": null
+  }
+}

data/scan_summary.json

@@ -1,60 +1,60 @@
 {
-  "last_updated": "2025-07-22T00:27:47.083279Z",
+  "last_updated": "2025-07-23T00:27:29.907017Z",
   "scanned_versions": [
+    "v5.0",
     "v5.4",
-    "v5.0.8",
-    "v5.2",
+    "v5.3",
+    "v5.0.6",
+    "v5.3.1",
+    "v5.0.3",
+    "v5.2.5",
+    "v5.5",
+    "v5.2.3",
     "v5.0.5",
+    "v5.2.1",
+    "v5.1.3",
+    "v5.1.5",
     "v5.1.6",
-    "v5.1.4",
     "v5.1.2",
     "v5.3.2",
+    "v5.0.8",
+    "v5.0.4",
+    "v5.1.4",
     "v5.0.2",
-    "v5.1",
-    "v5.3",
     "v5.4.1",
-    "v5.5",
-    "v5.3.3",
-    "v5.2.4",
-    "v5.0.7",
     "v5.4.2",
-    "v5.3.1",
-    "v5.2.3",
     "v5.0.9",
-    "v5.2.1",
     "v5.2.2",
-    "v5.0.4",
-    "v5.1.3",
-    "v5.0.1",
-    "v5.1.5",
+    "v5.3.3",
+    "v5.2.4",
+    "v5.2",
+    "v5.0.7",
     "v5.1.1",
-    "v5.0.3",
-    "v5.0",
-    "v5.0.6",
-    "v5.2.5",
-    "release/v5.0-d9f9b7d8ed",
-    "release/v5.4-f10ac3eec2",
-    "release/v5.2-1a4fd9b80b",
-    "release/v5.5-25c7c11970",
+    "v5.0.1",
+    "v5.1",
     "release/v5.3-bf79937908",
+    "release/v5.2-1a4fd9b80b",
+    "release/v5.4-f10ac3eec2",
     "release/v5.1-83f5d0eefc",
+    "release/v5.0-d9f9b7d8ed",
+    "release/v5.5-b66b5448e0",
     "master-bfe5caf58f"
   ],
   "failed_versions": [
-    "release/v5.0",
-    "release/v5.4",
-    "release/v5.2",
-    "release/v5.5",
     "release/v5.3",
+    "release/v5.2",
+    "release/v5.4",
     "release/v5.1",
+    "release/v5.0",
+    "release/v5.5",
     "master"
   ],
   "total_scanned": 38,
   "scan_method": "git-batch",
-  "workflow_run": "15",
+  "workflow_run": "16",
   "scanner_info": {
     "tool": "esp-idf-security-dashboard",
-    "esp_idf_sbom_version": "0.20.1",
+    "esp_idf_sbom_version": "0.21.0",
     "batch_mode_used": true
   }
 }

data/v5.0.1.json

@@ -1,7 +1,7 @@
 {
   "release_version": "v5.0.1",
-  "scan_date": "2025-07-22T00:26:18.813161Z",
-  "tool_version": "0.20.1",
+  "scan_date": "2025-07-23T00:26:33.128133Z",
+  "tool_version": "0.21.0",
   "total_components": 0,
   "vulnerabilities": [],
   "summary": {

data/v5.0.2.json

@@ -1,7 +1,7 @@
 {
   "release_version": "v5.0.2",
-  "scan_date": "2025-07-22T00:24:25.424455Z",
-  "tool_version": "0.20.1",
+  "scan_date": "2025-07-23T00:25:22.434137Z",
+  "tool_version": "0.21.0",
   "total_components": 0,
   "vulnerabilities": [],
   "summary": {